GDPR Compliance and Softescu
As of 25 May 2018, Softescu must comply with the enforceable EU General Data Protection Regulation (GDPR). According to the definitions of the regulation, Softescu is not a data processor, as we are not processing personal data on behalf of our customers.
This means that the legitimate and specific purpose for collecting personal data through our professional services unit is always determined by the customer.
Softescu, as an IT company, is committed to assisting its customers in the responsibilities regarding any personal data collected through our development practice.
Collecting and processing personal data
“Services do not require access
to any personal data”
Softescu’s development services do not require access to any personal data that our clients might collect or store.
Web development services can be done without any access to such data. Our practice for data privacy is to ensure that any personal information stays only on our customer-side and it is not collected, transferred or saved on any Softescu infrastructure.
In cases there are requirements to access personal data or identifiable personal data, Softescu signs additional agreements that specify conditions for accessing, storing or deleting these type of data, thus ensuring a limited liability for both ourselves and our customers.
ISO 27001 on information security
Softescu is compliant with ISO 27001. While the ISO standard does not impose any strict requirements (yet) for GDPR, it ensures that there is a strong policy within the company to increase privacy and protection of personal data.
Additional information about GDPR
For more information, see the pages:
• GDPR website
• ISO 27001 standard
For queries and requests related to data access and data protection in general, please contact firstname.lastname@example.org