GDPR May 2018 Statement
Our software solutions: PARS, INSIGHT, CURA and TARGET:
Although the interfaces to these are web based, the data only resides with yourselves and we are not required to have access ourselves.
We do not store or process any personal data held by these systems ourselves, and are neither Data Processors nor Data Controllers.
Our staff do not have access to this data or are able to access copies of it, excepting that in extreme circumstances we may jointly agree to obtain a backup of your data for investigative purposes as part of a technical support case. Where our staff are expected to have sight of any data, they are required to sign and adhere to a Data Handling Checklist, which includes references to confidentiality.
While we use appropriate technical measures within the software itself to limit access to those permitted to use it, but we are unable to affect or dictate the environment the software is hosted within. We expect that you will have hardened your servers and infrastructure to the levels specified in your own pertinent policies. As an example it is to be expected that Certificates will be used to encrypt any data leaving your network, and that only modern protocols are used. Tools such as https://www.ssllabs.com and https://www.owasp.org can help with testing aspects of your environment if you have any concerns.
To help you with compliance our software offers your Data Controller a dedicated screen where each data area used by the software is listed and your Data Controller can specify the legal basis for which that data is being processed.
Any data you hold at the end of a contract remains yours, to be retained according to your own various retention and deletion policies.
Customer relationship management
We need to collect and use certain types of information about the Individuals or Service Users who come into contact with TASC Software in order to carry on our work. This data is limited and used for purposes including but not limited to accessing our online helpdesk, to inform you of updates to support cases, changes to software that might affect you, and to notify you of software updates. This includes Personal data, and we are the Data Controller in this respect. Please refer to our full Data Protection Policy available at http://www.tascsoftware.co.uk/resources/ for details about the circumstances where we may share this data.
In the event that we jointly agree to receive databases from you for the purposes of technical support investigation, we have responsibilities under the GDPR regulations as Data Processors for this data. Please refer to the Data Sharing Agreement which forms part of the terms agreed to upon installing or updating the software for details of the procedures and measures taken whilst the data remains in our care.