The EU General Data Protection Regulation (GDPR) came into force across the European Union on 25th May 2018 and brought with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
Coretek Group remain committed to ensuring high standards of information security, privacy and transparency.
We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. We place a high importance on protecting and managing customer data in accordance with the new GDPR standards.
We are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new regulation. Our objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
We will also work closely with our customers and partners to help them meet their obligations through the provision of professional services.
As part of our GDPR compliance process, we have reviewed and updated all our internal processes, procedures, data systems and documentation in order to help ensure that we are fully compliant with the new regulations.
Coretek Group already have a consistent level of data protection and security across our organisation, however, it is our aim to stay fully compliant with GDPR by continuing to review and update, but not limited to, the following data protection categories;
- Data Protection
- Data Retention
- Data Breaches
- International Data transfers and Third-party disclosures
- Subject Access Requests
- Processor Agreements
Our GDPR Principles
- Accountability and governance measures are in place to ensure that we manage customer and partner data in accordance with GDPR data protection requirements.
- We will only process personal data for specified and lawful purposes and to hold relevant and accurate personal data, and where practical, we will keep it up to date.
- Data breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.
- We have revised our Subject Access Request (SAR) procedures to accommodate the revised 30-day timeframe for providing the requested information.
- We will endeavour to ensure that personal data is not transferred to countries outside of the European Economic Area (‘EEA’) without adequate protection.
OUR GDPR FOCUS
We aim to build on our existing security and business continuity systems to help ensure our compliance, including ISO 9001:2015 and to introduce ISO 27001 into our own compliance.
The provision of services and solutions which help customers to understand and prepare for GDPR, develop compliance plans and build a stronger platform for the future by taking control of their data compliance.
The Coretek Group has a robust ISO-based Quality Management System (QMS – ISO 9001:2015) and in order to ensure compliance will implement additional or augmented company-wide controls to meet GDPR requirements within the Information Security Management System (ISMS ISO27001).
Updated Information Security policies and procedures (backed by ISO27001) will build on existing management systems, including our QMS system and our ITIL Service Desk system.
A core foundation of our Information Security, Control and Classification policy will be informed by gap analysis, data protection risk assessments and supported by communication and training programmes.
Coretek’s Data Protection Officer, will inform, advise and monitor compliance. The company will implement tools as appropriate that support the process, provide the necessary security and ongoing delivery of objectives.
We will provide training to our team and generally raise the awareness and importance of GDPR to our business.
We will continually look at ways of improving our systems and procedures to better comply with GDPR best practice.
DATA STORAGE AND CORETEKCLOUD
For any of our clients specifically hosted on our CoretekCloud platform, we have put considerable security measures in place with regards to the protection of data, as follows:
- Physical location – CoretekCloud is hosted within a Tier 3 datacentre where physical access to the environment is tightly controlled. This is also a UK based datacentre with no CoretekCloud data residing offshore.
- Physical Access to the platform by CoretekCloud Staff – Physical staff access is only permitted via an access control list and only a small number of senior engineers are authorised to do so.
- Public access to the service – Access to the service is carried out solely through a secure, PCI compliant web portal.
- 3rd party software services (Azure Backup / Office 365) – As per above, the data that is being hosted in these environments is located solely in UK based datacentres.
- Data Guardians – Only a select number of senior staff are permitted access to tenant company data. General service desk technicians only have basic access to carry out tasks such as session shadowing, user provisioning and password resets. No access to tenant company data is permitted, in line with industry standard practice.
- Security Analytics – Platform activity is monitored for security purposes. Information recorded includes access to resources, failed logins, abnormal or questionable behavior and malicious activity.
- Backups and Data retention – Core tenant file data is backed up on a daily basis with a retention range of one full year. Other third party client apps are also backed up on a daily basis, however these are only retained for a 30 day period.
- Use of personal information stored in CoretekCloud – The only personal information that is stored and reported on are tenant usernames. These are only used for the purposes of those items already discussed in point 6 above.
DATA AND CORETEK.CO.UK
You may be asked to submit personal information via our website such as your name, company, website, email address and phone number.
We use this Data to communicate with you, for example; replying to enquiries, commercial communications or informing you about our products and services.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Your consent applies to the following domains: www.coretek.co.uk
What are cookies?
Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make the website more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.
The third-party cookies used on our websites are used mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.
What types of cookies do we use?
Essential: Some cookies are essential for you to be able to experience the full functionality of our site. They allow us to maintain user sessions and prevent any security threats. They do not collect or store any personal information. For example, these cookies allow you to log-in to your account and add products to your basket and checkout securely.
Statistics: These cookies store information like the number of visitors to the website, the number of unique visitors, which pages of the website have been visited, the source of the visit etc. These data help us understand and analyze how well the website performs and where it needs improvement.
Marketing: Our website displays advertisements. These cookies are used to personalize the advertisements that we show to you so that they are meaningful to you. These cookies also help us keep track of the efficiency of these ad campaigns.
The information stored in these cookies may also be used by the third-party ad providers to show you ads on other websites on the browser as well.
Functional: These are the cookies that help certain non-essential functionalities on our website. These functionalities include embedding content like videos or sharing contents on the website on social media platforms.
Preferences: These cookies help us store your settings and browsing preferences like language preferences so that you have a better and efficient experience on future visits to the website.
analytics.js – Cookie Usage Users are defined as those people who have registered an account with our site. Commenters are defined as those people who have made a comment on our site, without logging in via an account first.
Cookie Type Duration Description Commenter's Cookies Persistent 365 days When visitors comment on our blog, they get cookies stored on their computer. This is purely a convenience, so that the visitor won't need to re-type all their information again when they want to leave another comment. Three cookies are set for commenter's:
User Cookies Persistant 365 Days There are cookies for logged in users and commenters.
User Cookies - Session Only Session Session Only This is the same as the main 'User Cookies' policy, except these cookies are only stored for the duration of your session. A session is ended when a user clicks the 'Logout' link.
Users are defined as those people who have registered an account with our site.
Commenters are defined as those people who have made a comment on our site, without logging in via an account first.The actual cookies contain hashed data, so you don't have to worry about someone gleaning your username and password by reading the cookie data. A hash is the result of a specific mathematical formula applied to some input data (in this case your user name and password, respectively). It's quite hard to reverse a hash (bordering on practical infeasibility with today's computers). This means it is very difficult to take a hash and "unhash" it to find the original input data. Our site uses a few cookies to bypass the password entry portion. If our site recognizes that you have valid, non-expired cookies, you go directly to the logged-in interface. If you don't have the cookies, or they're expired, or in some other way invalid (like you edited them manually for some reason), our site will require you to log in again, in order to obtain new cookies. The cookies stored are:
How can I control the cookie preferences?
In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find out more out more on how to manage and delete cookies, visit wikipedia.org, www.allaboutcookies.org.
Call Now on
0800 304 7444
or Contact Us on the Form Below
FREE YOURSELF FROM IT FRUSTRATION
Remember, your organisation is only as strong as its weakest link. Book in a free consultation with Coretek today to benefit from our 20 years of experience and ensure your IT systems are working in your favour. Includes an in-depth report with actionable next steps completely free.