General Data Protection Regulation (GDPR) Statement

GDPR | Privacy policy | Cookies

The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation which came into force in May 2018. It builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe.

Our services are compliant because:

  • We have fully assessed our own GDPR compliance both in terms of the services offered and in terms of our own internal policies and procedures.
  • Appropriate technical and personnel protocols are in place to ensure data security
  • We carry out due diligence against any sub-processors or other third party processors we use to ensure their GDPR compliance (such as data centres).
  • Only specific members of staff have access to our servers, limited to specific circumstances.
  • Customer data is not transferred outside the EU (all our services are hosted in the UK).
  • We have updated our privacy and cookie policies to incorporate the new GDPR obligations.
    https://www.lopezshackleford.co.uk/privacy/
    https://www.lopezshackleford.co.uk/privacy/cookie-policy/

Security

Technical measures

We keep up to date with all technical aspects of security and ensure the ongoing security of our servers and systems. This means that any security patches are applied to our systems as a matter of priority and any changes or updates to our own systems are done so with data protection and privacy in mind and where appropriate, in discussion with our customers.

Organisational measures

Access to the administrative portions of the hosting infrastructure are highly restricted, limited to personnel with a specific need.

Third party processors

Hosted Services

Payment processors

Cloud based Invoicing and accounting

Version: Jan 2020