GDPR FAQ

Your GDPR Assessments

 

We recognise that you too will be going through your GDPR implementation process and will have questions for data processors like ourselves.

In that regard, we’d encourage you to read about how we safeguard your data in our Data Security and Privacy articles. These documents already cover the majority of GDPR related questions, but if you have any more questions, please raise them through your help centre.

 

Will GDPR affect my company?

Almost certainly. Any company that stores or processes personally identifiable information for EU residents will be responsible for complying with the new regulations, even if that company is not based in the EU.

Will Elite Limited be GDPR compliant by the deadline?

Most definitely, Yes.

Will I be GDPR compliant when using Elite Services as a data processor?

Elite is currently in the process of completing our own GDPR compliance and this will be completed before the GDPR deadline. This will mean that you will be compliant when using Elite as a data processor for your own GDPR compliance. That said we cannot account for your own internal processes and policies which could impact your compliance with the law. You can have faith that all that Elite are responsible for will adhere to the law.

Does Elite store Personally Identifiable Information (PII)?

Yes. PII data is considered any information you store which can uniquely identify an individual either directly or indirectly. Elite stores various pieces of user information would be counted as PII data. Pseudonymisation occurs where possible to further protect your personal information.

What PII data does Elite Limited store?

Elite Limited stores various pieces of user information would be counted as PII data including, but not limited to:

Does any of my data leave the EU?

Yes. Elite Limited uses third-party applications to help monitor our infrastructure, track services and ensure we maintain good performance, availability, and usability for our customers. Some of these third-party services are hosted outside of the EU. All of our third parties are hosted in countries which obey strict and lawful standards of security. Such as EU-U.S. and Swiss-U.S. Privacy Shield Notice. All efforts have been made to move personal data into the EU/EEC.

Does Elite Limited send my data to any third parties?

Yes. Elite uses third-party applications to help monitor our infrastructure and track our services for our customers. We are currently in the process of ensuring all our third-party suppliers meet GDPR requirements and we have updated our Privacy Policy to give full details of all our third-party suppliers with detailed information of what information we send to them and how it is processed. Further details on 3rd party tools and systems can be found in Privacy Policy – 3rd Party Apps

Do I need to sign a Data Processing Agreement (DPA) with Elite?

Elite will be updating our terms and conditions, along with our privacy policy to include all the required elements of GDPR compliance. This will ensure that you can use Elite as a data processor and remain fully compliant. This will not require the signing of a specific data processing agreement.

Does Elite Limited process Personal Data of its customers?

Yes, Elite processes customer Personal Data to provide the products and services and for other limited purposes detailed out in our Privacy Policy.

How is my personal information processed?

We process personal information to enable us to provide services to you, the customer. Only when necessary is this shared with 3rd parties (Communication and Service Records).

How the information is stored and what data security measures are in place.

Passwords are only stored as an MD5 hash with no plain text storage. All other information is stored to ISO27001 standards (Accreditation Pending)

How long the information is stored.

For our customers, indefinitely, although if a customer leaves and requests “to be forgotten” information will be deleted where possible and Pseudonymisation will be applied where unable.

Do you have a specific data processing agreement?

At present there is no specific agreement, our current aim is to include the required terms (as specified in Article 28 of the GDPR Act) into our standard terms and conditions.

Is Data encrypted?

In part. Data is transferred to Elite Limited using HTTPS. Passwords are stored in a Hashed form. Databases are not stored encrypted due to the overhead impact and this would affect our ability to provide our customers with a quick and affordable service. DB encryption can be requested by individual customers. Any extracts of customer data in the form of reports and other mobile formats are encrypted outside of our secure infrastructure.

Pin It on Pinterest