As a data processors we sometimes hold data on our clients' (the controller's) behalf.
The protection of client data has always been of paramount importance to us, even before GDPR. Because of this we have in the past, and will continue to, hold regular reviews to ensure the information we look after is safeguarded.
Impelling has never and will never share client data with any third party providers unless specifically requested to do so in writing by the data's controller.
We have full awareness of where any client data is being held & when outside the EU, ensuring appropriate compliance is in place and always ensure controllers have the right to view, amend, export or delete any information that we hold on their behalf, including anything held by 3rd party services.
We are committed to the very best and latest security practices to protect client data on our servers. If, however, a breach does occur we have a robust process to deal with it. We'll inform all affected customers, letting them know exactly what information has leaked and do all we can to minimise the impact. This is covered more succinctly in our data breach policy.
We store only necessary information, as collected by, or on behalf of our clients.
We encrypt your data both at rest and in transit, and our site and storage processes are built for security.
We have thorough internal access controls and regulations. Only staff members who require access are granted and have all been security checked.
We follow the General Data Protection Regulation of May 2018. Although our business does not legally require a designated Data Protection Officer we have appointed one anyway. Accountability and privacy are principles designed into both our software and policies.
We're always happy to answer specific questions about how data is stored or managed. If you are an existing client you can do this by contacting your account manager in the usual way, calling our main phone line or by emailing us at our our data information specific inbox: firstname.lastname@example.org.
Your personal information is of paramount importance to us. At Impelling we take every precaution to ensure no data is leaked to the outside world. Any systems that hold personal data are designed and implemented with security and data protection in mind. Our servers are kept up to date, we ensure new security patches at kernel level, operating system level, and application level are applied promptly, and we regularly review the integrity of our systems.
Since we began trading Impelling has never had an data breach incident, however in the unlikely event one does occur we operate a policy of complete transparency. Any party who's personally identifiable information is leaked will be notified within 72 hours of the event occurring. Individuals will be informed exactly what information has leaked, and we'll work with each individual to minimise and mitigate any potential impact. A post mortem document will be issued to each affected party, detailing exactly how private data was obtained, and the measures we put in place to stop it happening again.
Ideally though, we hope the above measure's will never need to be implemented and our customers can continue to have the peace of mind that their data is safe and secure with Impelling. We will make every effort to ensure this continues to be the case.