GDPR

Zxtech's Data Privacy Commitment and GDPR

On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force, reflecting the importance of data protection in our increasingly digital world. Zxtech is a UK based organisation which sells product all over Europe and for us, it is important that the personal information of our customers and our own people is handled in accordance with GDPR.

The new regulation replaces the existing patchwork of directives and national legislation and brings a degree of long-anticipated consistency to the data protection landscape in Europe. This is setting the benchmark for other regions and many countries are following suit with equivalent arrangements. GDPR embodies the well-recognized privacy principles of transparency, fairness, and accountability.  GDPR also seeks to introduce a risk-based approach that enables innovation and participation in the global digital economy while respecting individual rights.

In our view, the digital economy can only flourish when you connect people, process, information and devices in an ethical, meaningful and secure way. That includes creating an environment in which everyone can easily do business and know their data is safeguarded. We are committed to helping our customers and partners by protecting and respecting personal data, no matter where it is from or where it flows.

What is Zxtech doing to be GDPR-ready?

As part of our continuous focus on information security and data privacy we are getting ready for GDPR through a managed programme of activities in the following areas:

Privacy by Design

Integrating data protection, privacy, and security requirements into product design and development methodologies. Embedding privacy requirements in the development cycle from ideation to launch, to validation. In short, we use privacy engineering techniques to evaluate and build better offerings to turn privacy by design policies into actions and tangible improvements.

Third party management

Ensuring that Zxtech’s valued partners and suppliers are best able to meet their obligations with respect to data privacy and establishing transparent arrangements through appropriate information sharing agreements. When we work with new suppliers or with long-established strategic partners we look to apply industry-leading standards that safeguard personal information.

Policies and procedures

Reviewing standards and processes to define personal information lifecycle and help ensure data transparency, accuracy, accessibility, completeness, security, and consistency. Our Privacy Policy reflecting GDPR requirements sets the context for how we obtain, store and use information relating to our customers and our own people.

Information Security

Reviewing and improving our enterprise-wide information security framework, ensuring that incident response process remains effective and that confidentiality, integrity and availability of personal information is assured through appropriate technical and organizational measures

Information Governance

Mapping our data and identifying what we have, what we are doing with it, where it is, where it flows, and who has access to it. We classify data based on risk and sensitivity in context. That risk is data-led/ person-led allowing us to focus on the outcome and purpose of processing leads to a better and more holistic risk profile and informs the commitment of data privacy that we make to our customers.

Further information

As controllers we are responsible for complying with the relevant requirements under the General Data Protection Regulation (“GDPR”) in respect of the personal data that we hold in connection with the contractual relationship. We are taking steps to ensure that we meet these GDPR requirements by 25 May 2018.

As part of our GDPR Readiness activities and as required by the regulations we are updating our analysis of processing activities as part of our continuous review of how personal information is handled across our business operations, products and services. As work progresses our customers will be updated with key information including:

  • Privacy Policy for our products and services
  • Refinements to our End User Licence Agreement and consent mechanisms
  • Mechanisms by which subject access requests can be made in a secure manner
  • Details of Zxtech products explaining how we meet our obligations with respect to GDPR and also wider information security requirements
  • A set of FAQ to answer the most common questions about Zxtech and GDPR latest by the end of May 2018 and this will also include your questions about where we are storing the data.

Our data protection governance arrangements and privacy mindset ensure that our operations are subject to continuous review to maintain alignment with GDPR. As we complete our preparations and as we introduce new products and services, the information provided here will therefore be updated periodically.

If you require further information relating to Zxtech and GDPR, please contact us at this email address: info@zxtech.co

FAQs

Need a quick answer to one of your Zxtech questions? Here you go

Is Zxtech GDPR Compliant?

We have a GDPR Readiness project operating to ensure we meet our obligations relating to data protection as the new regulations come into force

  • Zxtech’s preparations ahead of GDPR coming into force are being undertaken as a joint project with Zxtech subject experts supported by external business, technical and legal advisors with practical experience in data protection and wider security aspects
  • From the viewpoint of our customers, we are proud of the security measures that we already have in place and we do not expect any significant changes as a result of our GDPR readiness preparations
  • Zxtech class-leading products and services will operate as usual and we will ensure that our customers benefit from our attention to security and data protection
  • Zxtech will keep Customers informed of updates to aspects such as privacy notices that refer to the new regulations, as these become available in the next few months
  • There is no accredited third-party certification for GDPR at present. This may change in the future, for example, the European Commission may take forward a “ Data Protection Seal” Zxtech will keep watch on developments in this area

Where Does Zxtech Store Personal Information?

Zxtech is based in the UK and our products make use of industry-standard hosting providers operating in the UK called Fasthosts Internet Limited

  • As part of our GDPR Readiness activities and as required by the regulations we are updating our analysis of processing activities as part of our continuous review of how personal information is handled across our business operations, products and services
  • Zxtech is a UK organisation and it is important that the personal information of our customers and our own people is handled in accordance with GDPR
  • Our data protection governance arrangements and privacy mindset ensure that our operations are subject to continuous review to maintain alignment with GDPR as we introduce new products and services
  • Our Third-party service providers operate under the same regulatory regimes and we select industry-standard suppliers to ensure that we can deliver the best products and services

How Can I Request Access To My Personal Information?

We have online information for product users or get in touch with our Customer Satisfaction Team

  • We provide secure online self-service access to account information for our customers via the Management Console, In the other word, You can login on our website. All the information we hold for you will be visible once you login. You will be able to amend or delete the data from there.
  • If you need further information additional to that available through our online channels our customers can contact Zxtech Customer Service who will be pleased to assist with general enquiries.
  • If you have a specific request for personal information the Zxtech Customer Satisfaction team will pass on your request to our Data Protection team
  • If you are in regular contact with Zxtech Inside Sales or Enterprise Business they will be pleased to assist with a general enquiry or will pass on your request to our Customer Service and Data Protection teams as appropriate
  • Existing legislation and GDPR require organisations to respond to data subject access requests, Zxtech is already able to do so and this process is being refined in preparation for GDPR
  • We will need to authenticate your identity to ensure we handle any request securely

As A Zxtech User Will Anything Change?

No functional change is anticipated for Zxtech products, however, as part of our GDPR readiness preparations we are updating our Privacy Policy, these will be published and users notified

  • Zxtech EULA and Privacy Notices are being updated to contain wording that aligns with the requirements of GDPR
  • Once the Privacy Notices are updated for Zxtech’s set of products and services, users will be notified via email, Newsletter and/or in-product alerts
  • Where users have already consented to receive material such as the Zxtech Newsletter, we provide the ability for users to change or withdraw consent, for example adapting the frequency of newsletter or unsubscribing
  • As part of our product roadmap we review the business purpose for using personal information and as such there may be future changes to Privacy Notices and potentially consent aspects

Will Zxtech Customers Need A Data Processing Agreement

A Data Processing agreement will not be needed by many customers, updates to the EULA will be notified and should be sufficient. A DP Agreement will be made available for those commercial customers requiring one.

  • Zxtech’s EULA and Privacy Policy are being updated to align with the requirements of GDPR and this should be sufficient for many of our customers.
  • A commercial customer may require a Data Processing Agreement/Addendum to help demonstrate it is meeting its obligations with respect to GDPR. In such cases, Zxtech will provide a suitable template populated with the necessary details.

The Information Lifecycle

This is how we protect your data

1. Obtain

Person Information

  • We only use personal data when necessary & lawful
  • We notify the person when collecting their data in person or via 3rd Party
  • We request consent if required

2. Hold

Person Information

  • We only store personal data that must be used ongoing throughout the process
  • We secure the Data with encryption & access control, anonymisation or obfuscation
  • We keep information up to date

3. Use

Person Information

  • We check there is a lawful purpose
  • We use in line with consent provided
  • We suspend processing for individuals data
  • We track which data is shared with others

4. Delete

Person Information

  • We identify data for retention
  • We know when retention periods end
  • We securely delete data that is no longer needed

Want updates on GDPR?

If you would like to be kept up to date you are welcome to subscribe to our newsletter where we will provide updates on GDPR. Subscription option is shown below.