1. The purpose of the policy.
The aim of this policy is to describe how WASP Software manages the privacy of the data it collects and processes.
WASP is an IT software company that produces innovative software solutions for health care providers. As a Company WASP is committed to the secure storage of any data it collects and processes. At all times WASP endeavours to comply with the General Data Protection Regulations (GDPR) and their enactment the Data Protection Act 2018 (DPA) in addition to any other relevant and appropriate legislation, best practice and Customer requirements.
2. How your information is collected.
The Company collects information in a variety of ways – via an online enquiry form, website traffic monitoring, Cookies, staff recruitment, product sales and support.
In addition, the Company will collect details of third parties, contractors and suppliers in the course of day to day business activities. This information will be collected via telephone conversations, hardcopy, email and from websites.
3. What information is collected and why.
Name, telephone number, email address and organisation name and address will be collected so that a member of the Company can respond to the person making an enquiry about Company products, to provide marketing material, as part of the recruitment process, for invoicing/payment purposes, to provide customer support.
In accordance with UK regulations details of job candidates are collected during the recruitment process, these include contact details and details of any qualifications and experience. Upon appointment further information is collected in order to complete the Baseline Personnel Security Standard (BPSS) checks and DBS checks and registration. These records are retained in accordance with legal and best practice guidelines.
Customer Personally Identifiable Information (PII) will be collected during the sales and support process in order to facilitate the sale, payments and to respond to any future queries, this information will be retained for the duration of the agreement and for a period 90 days afterwards to complete any outstanding actions.
Relevant customer details will be passed to third party financial institutions for processing and payment.
Third parties, contractors and suppliers
Contractor, third party and supplier details will be collected and processed for the duration of their service to us to facilitate necessary business transactions.
All employees are bound by the terms of their employment to maintain the confidentiality of all Customer, contractor and supplier personally identifiable information, sensitive information and all data controlled by the Customer for the duration of the persons employment with WASP and for all time after the end of their employment.
4. Additional information processing.
As part of the business activities of WASP we undertake occasional information processing of Customer controlled data as part of the support service we provide to the software we produce and sell. The information processing is done on the Customerís network and never exported to an external system. WASP always work in accordance with Customer data processing procedures having first fulfilled the criteria necessary to access the network. WASP use some Cloud based services in the course of their day to day activities. It is possible that the servers operating the services may be based in countries outside the UK/EEU. All businesses operating in the UK/EEU are required, by law, to conduct their business in accordance with the GDPR.
5. Our commitment.
The Company is committed to processing all data with respect, in accordance with the law and in accordance with industry best practice. Information will only be retained for as long as there is a legitimate need for it after which time it will be permanently destroyed along with any copies.
WASP will never pass your information to another company without your consent or send information outside of the UK except when required to do so by an enforcement agency, in accordance with the GDPR/DPA.
WASP will never knowingly use a service or a product that fails to practice in accordance with the law or does not meet the security standards required by WASP and our Customers.
6. Your rights.
As detailed under Article 5 of the GDPR these rights include, but are not limited to:
Information will be processed lawfully, fairly and in a transparent manner
Information will be collected for specific and legitimate purposes and processed for these reasons
The information collected will not be in excess of what is necessary
Information will be up to date and accurate
Information will only be stored for as long as is necessary
Information will be kept secure
The updating and/or deletion of the data except where other factors (legislation, enforcement agencies) prevents it
Opting out of receiving marketing and promotional materials
Obtaining a copy of the material held about the person in an easy to read and mutually acceptable format (the Company reserves the right to make a charge for this service when the request is deemed to be excessive or requires a substantial use of resources).