At Elucidat, we’ve always been extremely diligent about looking after the personal data of those who entrust us with it. We’ve always been fully compliant with the Data Protection Act in the UK.
To ensure ongoing compliance with GDPR we have further enhanced our data protection practices, further strengthening our accountability and establishing processes to allow individuals to exercise their rights as data subjects.
Prior to GDPR coming into force in May 2018, we engaged with data consultants to ensure our technical and organisational measures met best practice. This engagement is ongoing to ensure we continue to excel in this area.
When it comes to the data we handle for Authors of our software, Elucidat is a Data Controller. We also act as a Data Controller when we handle Contact data for our prospective and existing customers. Our lawful bases for operating falls under legitimate interest and contract as we enable and administer your service.
You can find more information on our public compliance pages here. These provide transparency about how, why and where we process data.
We are also a Data Processor for Learners of the courses which our customers create. The customer being the Data Controller in these circumstances.
As a SaaS business it’s important that we hold consistent data processing agreements across our customer base. This allows us to effectively meet our compliance obligations. We have set out our Data Processor Terms on our compliance pages, which seek to give reassurance about how we act as a Data Processor. Our compliance pages also list our third party sub processors who are subject to thorough research to ensure their data processes are compliant with GDPR and their status regularly monitored.
We know the importance of data availability. Our physical and technical setup is designed to be secure, keeping data confidential and safe, with robust password management and encryption technology used throughout our structure. It’s also designed for swift restoration and containment should an issue or breach occur. We have clear processes in place in the event of an incident.
Our mission is to bake data protection by design into our day-to-day culture at Elucidat. This is supported and endorsed at Director level with clear lines of governance and accountability across the company. It also means that we consider the perspective of our customers - have we thought through what they might expect, what’s fair and would we be able to justify our position?
We have a framework in place to formally review our policies and processes annually, as well as quarterly reviews with key personnel to ensure we are acting with integrity and accountability. We meet to assess changes and ensure that our reporting and policies are accurate and up to date. We are continually seeking to improve what we do and apply similar expectations to any partners and suppliers which we work with.
For further information or any questions regarding data management and security, contact firstname.lastname@example.org.
Registered with the ICO: ZA094651