CU Forms Ltd acts as a Data Processor under the Data Protection Act. This guide answers the common questions regarding Data Protection. For further information please contact us.
What Personal Data do you process as a Data Processor?
cuForms defines data in two terms: Personal Data [PD] and Personal Sensitive Data [PDS] on its forms. We do this to create our data retention rules. As a default Personal Data [PD] is redacted after 18 months and Personal Sensitive Data [PDS] is redacted after 3 months. Clients managers can change the detention rules in the 'Account' section of their portal.
A full list of PD and PDS can be found in our manual here
What online identifiers do you store?
Cookies
IP address
Device Mac address
Is Personal Data processed compliant with the GDPR principle of Lawful Processing?
As Data processors forms developed are built either by our clients or by us on behalf of our clients. The responsibilty of lawful processing is placed on the clients and data controllers when designing forms
Do you have consent from individuals completing application forms for the collection of Personal Data?
As Data processors forms developed are built either by our clients or by us on behalf of our clients. The responsibilty of gaining consent from applicants is placed on the clients and data controllers when designing forms. Where we design forms on behalf of Clients we ensure a mandatory acceptance to collect and store data is added to forms.
Are individuals able to make requests to access data held about them within the required timescales?
Yes. Individuals should contact support@cuforms.org.uk to request access to data held. We protect the rights of our Clients when receiving requests and will always liaise with Clients when requests are received.
Are individuals able to exercise their rights to be forgotton and have data erased?
Yes. Individuals should contact support@cuforms.org.uk to request to be forgotton. We protect the rights of our Clients when receiving requests and will always liaise with Clients when requests are received. We will not erase data without permission of our Clients or until 3 months after we have informed our Clients of the request received.
Are individuals able to exercise their rights to restrict processing?
Yes. Individuals should contact support@cuforms.org.uk to request processing is restricted. We protect the rights of our Clients when receiving requests for restriction of processing and will always liaise with Clients when requests are received.
Are individuals able to exercise their rights to data portability?
Yes. Individuals should contact support@cuforms.org.uk to request data for portability.
Are individuals able to object to data held?
Yes. Individuals should contact support@cuforms.org.uk to object to data held. We protect the rights of our Clients when receiving objectionse and will always liaise with Clients when requests are received.
Are individuals able to request data rectification?
Yes. Individuals should contact support@cuforms.org.uk if they wish to have their data rectified. This rectification can be undertaken by our Clients but we will do this on their behalf when requested.
Are individuals subject to automated decision making without intervention and are they able to withdraw consent?
Our automated decision and profiling tool only provides a recommendation and requires human intervention at some stage so there is no need to withdraw consent.
Is Personal Data encrypted?
Yes. Data is stored using 256 bit encryption using a SSL certificate provided by GeoTrust
Is data held in the European Union?
Yes. Data is currently held on a https://1and1.co.uk server hosted in Denmark.
If a contract with a Client is ended is Personal Data deleted?
When a contract with a Client ends we will ask the Client if they want the data held by us. They may need to hold data for legal reasons so we need assurances before deleting data. If we do not hear from Clients after 3 calendar months we will automatically delete data held.
|
|