GDPR – Navigator Systems | HireTrack NX | RentalDesk NX | Rental management software solutions for the professional sound, lighting, audio visual (AV) and production industries

GDPR Introduction

The General Data Protection Regulation (GDPR) is a new privacy regulation that comes into place on 25th May 2018. GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union but it also addresses the export of personal data outside the EU. After Brexit it will still be applicable in the UK. We believe the GDPR is good for users and good for security across the web.

Whilst we feel that the GDPR is predominantly aimed at regulating companies such as Facebook, Google and Twitter, who process a lot of data, this new regulation affects us all – even smaller companies that process just a limited amount of data. Even if a company uses data legitimately there is still a lot of work to do around the GDPR to rework privacy policies, update user access to data held about them and essentially make it easier for us all to see what data is held where and why that might be.

Here at Navigator Systems we take our responsibility for your personal data with the utmost seriousness. We never share your details with third parties without your permission and we never have, nor ever will sell your data to anyone.

How is Navigator Systems getting ready for the GDPR?

The GDPR defines what your personal data is. It covers your name, email, address, phone number, financial data such as your credit card details, age, behavioural information, usernames and much more. Much of this data is not collected by Navigator Systems as it is not relevant to the marketing, sales or support relationship you have with us however we have detailed in our privacy policy the kind of data we collect and what we do with it.

We have responsibility firstly for the data that we collect from you, the Navigator Systems prospect or client, and secondly for the data that you may collect and pass to us about your clients. Occasionally our support team may request an unencrypted copy of your database to help them track down an issue. In this case you may need a data processor agreement with ourselves. Please see this knowledgebase article.

Within HireTrack NX we have enhanced security restrictions to make it easier for you to meet your GDPR commitments and have changed how you send data to us.

Our marketing emails have always been opt-in and this remains the case going forward. We rely on either your consent or our legitimate business interests to send emails to you and we will continue to ensure there is always the option to unsubscribe in all marketing emails that we send. We have never purchase email lists – if we email marketing information to you, then you will have given us your consent in the past.

We only collect the minimal data we require to do business (including marketing) with you; personal names, company names, email addresses, street addresses, telephone numbers. If you follow us on social media, we may record that data too. We collect credit card details to efficiently process your payments – we meet all the requirements for PCI-DSS so you can be assured of a secured transaction. We believe that it is more secure to process your card online (via our 3rd party processor) than it is to ring and do it over the phone and as such we will not accept your credit card info over the phone or via email.

Your right to be forgotten – Under the GDPR you have the right to be forgotten, this means all of your data has to be deleted and never used again. There may be exceptions to this, for instance our legal obligation to keep business records such as invoices to comply with financial and tax legislation. We are developing our internal systems to make it simple for you to make this request and simple for us to process this. More information will be available in our knowledgebase. We will also be able to provide you with a copy of any data we hold on you.

Privacy Officer

Navigator Systems is only a small company so having one person solely as the privacy officer is not practical. All of our team are involved in the implementation of GDPR and going forward it will be maintained by all staff with specific requests for information being looked after by David Rose & Richard Cresswell.

[subscribe]

If you have enjoyed reading this article, please subscribe to our free newsletter and we will notify you when we write something new. See our simple sales & marketing policy, and our full privacy policy.