PrintFleet's Data Protection Commitments to You
1. PrintFleet's Data Protection Commitments to You
1.1 We will, in relation to any Personal Data Processed by us on your behalf:
(a) Process that Personal Data only on your instructions or as otherwise agreed in writing with you, unless we are required by applicable laws to Process that Personal Data. When we rely on applicable laws to Process Personal Data on your behalf, we will promptly notify you of this before we carry out the Processing, unless those applicable laws prevent us from doing so;
(b) ensure we have in place appropriate security measures to protect against unauthorised or unlawful Processing of Personal Data;
(c) ensure that everyone who has access to and/or Processes that Personal Data is obliged to keep the Personal Data confidential; and
(d) not transfer any Personal Data outside of the European Economic Area without your consent, except in relation to the PrintFleet software which is placed in our US Amazon EC2 Datacentres. We will let you know if we change these data subcontractors and you can object to any changes. We will remain fully responsible to you for the acts or omissions of our data subcontractors;
(e) help you, at your cost, in responding to any request from a Data Subject and in ensuring compliance with your obligations under the Data Protection Legislation in relation to security, breach notifications, impact assessments, audits and consultations with supervisory authorities or regulators;
(f) notify you without undue delay on becoming aware of a Personal Data breach;
(g) at your direction, delete or return the Personal Data and any copies we have to you on termination of the licence or services agreement between us, unless we are required by applicable laws to store the Personal Data for longer; and
(h) maintain complete and accurate records and information to demonstrate our compliance with this paragraph 1.1.
1.2 We Process Personal Data for you to provide our software and related services, as set out on our website and in our written agreements with you. We will Process this Personal Data for as long as you use our services. PrintFleet software does not collect any Personal Data or user information, but you may enter Personal Data such as customer names and locations to track the services you offer. For more information on the types of device data collected by PrintFleet solutions, consult the PrintFleet Security and Data Privacy Overview.
1.3 You need to ensure that you have all necessary consents and notices in place to enable the lawful transfer of Personal Data to us, for the duration and purposes of the licence and/or services agreement between us.
When we refer to “Data Protection Legislation” on this webpage, we mean:
a) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679); and
b) any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998.
If we have capitalised something on this webpage, those words have the meaning given to them in the Data Protection Legislation.
PrintFleet and the GDPR
What you need to know about the General Data Protection Regulation (GDPR)
What is the GDPR?
- The GDPR is a new law that will take effect across Europe from 25 May 2018. It applies to PrintFleet because we do business in Europe. The GDPR also applies to all of our customers who are based in Europe or who provide goods and services to others based in Europe too.
- Just so you know, the technical term for PrintFleet’s status under the GDPR as it relates to interactions with our customers is a “data processor”. You can read more about what this means here. Because PrintFleet is a data processor and not a “data controller”, some sections of the GDPR don’t apply to PrintFleet.
- We have put this page together to assist our customers in their GDPR compliance efforts and to explain how our software and services are impacted by the GDPR.
What is PrintFleet doing to help?
- Our software systems enable you to store, search, update, remove and delete data. Being able to do this means our software can help you follow your own internal data policies, which is a key part of complying with the GDPR.
- Our software relies on proprietary and third party data security protection tools and technology designed to help keep data secure. Those include secure delivery of application along with application / domain level security to prevent unauthorised access and others that we determine appropriate from time to time.
- We are updating our contracts to ensure they comply with the GDPR (see below).
- Because we are a global business, additional rules apply to us under the GDPR to the extent we transfer data within our group of companies, many of which are located around the world. To comply with these rules, we are putting the model clauses in place between our group of companies. The model clauses are intended to ensure transfers of personal data can continue to happen in a legally compliant way under the GDPR. Although this is all happening internally at PrintFleet, we are telling you about the efforts we are going to because your trust is important to us and we want to be as transparent and clear as possible.
Do I need to do anything as a customer of PrintFleet?
- What you need to do depends on your specific business, and ultimately the responsibility for GDPR compliance rests with you. Most of our customers are updating their privacy policies, changing the legacy data they hold and making sure they have the right policies and guidance in place. A good starting point is to make sure you understand the data you already hold, and why.
How will my agreement with PrintFleet change?
The GDPR requires us and our customers to have a written contract in place which describes what data we handle on your behalf and why, as well as various other aspects. To comply with these new requirements, we are updating our contract with our customers so that it now explains:
- Which data we will be handling for you, why we are doing this and for how long
- What rights you have as our customer in relation to that data
- That we promise to only act on your written instructions in relation to your data
- That everybody who works for us and may have access to your data is under confidentiality obligations
- We will keep your data secure
- We will only use data subcontractors who also have high standards of security
- We will help you when people exercise their data rights in relation to the data we handle for you
- We will help you to comply with your audit, notification and impact assessment obligations under the GDPR
- We will delete or return all of your data to you at the end of our contract
- We will help you with audits when the GDPR requires us to, and give you the information you need to confirm that we are doing everything we promised in relation to your data
We hope this page is a helpful guide to the GDPR.
Please remember that we’re software specialists, not lawyers or GDPR compliance experts. The onus is upon you to ensure your business is GDPR compliant. There are many service providers out there who offer specialised expertise in this complex undertaking. We would be happy to refer you to someone should you wish to receive a referral.
For more information, please contact: eu-GDPR@printfleet.com.