On May 25th 2018, the General Data Protection Regulation (GDPR) comes into effect. Busy Things can confirm that we will be fully compliant by this date.
Our relationship with our customers:
For most of our school customers, Busy Things acts as a Data Controller. We do not process any personal data on behalf of our customers. We do not offer individual logins for staff members or pupils, or require customers to disclose this information to us in order to use our service. Any personal information we collect from our customers is purely to enable us to deliver our service to them.
All data collected and processed by Busy Things is stored in a secure data centre in the UK meeting industry standards for security (ISO270001). All data is transmitted to and from this location using SSL encryption technologies. All data is backed up on a regular basis and stored securely off-site.
We do not transfer any data outside of the EU, or disclose personal data to 3rd parties, unless required by law, or with the explicit consent of the individuals involved.
All Busy Things employees receive on-going training regarding access to and use of customers Personal Data. Access to Personal Data is restricted based on their job requirements.
Under the GDPR, Busy Things is required to report all data breaches to the Information Commissioner's Office within 72 hours. As part of our breach response procedures, we will inform all affected parties as appropriate.
Subject Access Requests and Removal requests:
Individuals that Busy Things holds personal data on can request that we provide them with a record of the data we hold, or request that their data be removed. We will comply with all such requests in a timely manner.
The GDPR outlines 6 key principles:
Lawful, fair and transparent processing:
Purposeful and specific processing:
Busy Things will only process Personal Data for the purpose of delivering our service to our customers and for improving our Service.
Adequate, relevant and limited processing:
Busy Things only collects and processes Personal Data that is explicitly required to deliver our service.
Busy Things will strive to keep all Personal Data accurate and up-to-date. Customers can update their own Personal Data using the Manage Account area of our website and our staff will also be happy to help correct inaccurate data.
Busy Things data processing and storage facilities meets all industry standards for data security and transmission. Our employment policies and practices are focussed on protecting the security and integrity of the data we hold.
Our ICO Registration number: ZA033853
Our Data Protection Officer:
3 St. James Court,