
Data Protection and GDPR

Last Updated APRIL 2023

BeeSavvy is committed to protecting the privacy of our users and their customers. We stay apprised of developments in GDPR compliance laws to help ensure that you can be confident in the safety of your data while using our platform.

This page explains the rules, how they apply to your use of the BeeSavvy platform, and the steps we have taken to comply. It does not constitute legal advice.

You should review this document in conjunction with our Privacy Policy and contact a specialist legal professional if you require advice or more information.

General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679, more commonly known as the General Data Protection Regulation (EU GDPR), is an EU regulation aimed at harmonizing data protection laws across the EU.

The EU GDPR focuses on giving individuals more control over how their data is used by companies and making the collection and processing of data more transparent.

The EU GDPR was incorporated directly into UK law following the end of the Brexit transition period, underscoring its importance to UK-based businesses and other entities subject to UK law. They must still comply with its provisions through the ‘UK GDPR.’ This document will refer to the EU GDPR and the UK GDPR, together, as the GDPR.

Basic GDPR concepts

Controller and processor
The GDPR imposes various obligations on a person depending on whether they are a controller or a processor of personal data.

A controller is an entity that decides to process personal data and makes decisions regarding the basis of processing and the methods that will be used. Controllers have certain obligations regarding personal data, which you should familiarize yourself with before collecting personal data from your customers.

A processor is an entity which processes data for and on behalf of a controller. They make no independent decisions regarding the data or its processing, as they only process it on behalf of the controller and must comply with all instructions given by the controller.

When you use the BeeSavvy platform you are a controller. You are in control of the data you upload to the BeeSavvy platform, what you do with that data, and why. As a result, you are responsible for ensuring that you have a legal basis on which to process the data, and that you do not retain the data for any longer than is necessary.

You should ensure that you understand your obligations as a controller, and update your own systems and policies to allow the lawful transfer of personal data to BeeSavvy.

BeeSavvy is a data processor. We, through the BeeSavvy platform, store and otherwise process the data you have collected under your instructions. We will never use any personal data which you have uploaded to the BeeSavvy system for our own purposes or without your instruction.

Legal basis for processing
Personal data may only be collected and processed if there is a legal basis for doing so. The allowable legal bases are set out in the GDPR.

As a processor, BeeSavvy relies on our customers to select the correct basis under which they will be collecting and processing personal data, and to put the appropriate notices or consents in place. Before you use the BeeSavvy platform, you should take time to identify which legal bases may be available to you, and only collect and otherwise process personal data to the extent necessary to carry out that basis. You should not change the basis under which you have collected personal data without very good reason, so it is important to understand the requirements of the different bases and make sure you select the right one at the start.

Data subject access rights
The GDPR grants data subjects (i.e., your customers) certain rights relating to their data, including the right to access, correct, and delete any data relating to them.

BeeSavvy has established systems for you to notify us if you receive a data subject request, and for us to inform you if we receive one. It’s important that you understand the obligations that will be placed on you, particularly regarding any personal data you hold on your own systems or services other than BeeSavvy.

Transfers of data to the USA
Personal data may not be transferred outside the EEA or the UK other than in accordance with the GDPR. We utilize the Standard Contractual Clauses as part of our Data Processing Agreement which we sign with all of our customers.

Data Security
We have put in place security safeguards and measures to help ensure that any personal data we hold is stored securely. We regularly test our products for bugs and vulnerabilities.

We have regular back-up systems in place as well as data recovery and data integrity systems and processes to help minimize risk of corruption to or loss of personal data.

Steps we have taken to help ensure GDPR compliance

We take our duties as a processor very seriously. We have put in place a number of procedures and taken a number of steps to help ensure that we comply with the GDPR such as:

  • Our data processing agreement utilizes the Standard Contractual Clauses to provide a mechanism to lawfully send personal data to us in the USA.
  • We have tools designed to detect personal data breaches and to inform our customers as soon as possible.
  • We are able to deal with subject access requests and rights of erasure requests, and to inform you when a data subject has made such a request to us.
  • We have assessed and documented the personal data processed by us on your behalf.
  • We encrypt personal data at rest and in transit and have implemented other security measures to ensure a level of security appropriate to the risk of processing your personal data.

BeeSavvy’s Data Processing Agreement