Osis GDPR Compliance Audit
Topic | Status | Issue | Action | Notes | Flag
What personal data does Osis hold?
Personal or Business contact details
Osis holds the personal contact details of people and organisations that have made enquiries online or otherwise contacted us with respect to our services.
Transaction details
Osis holds the transaction records that are stored on our websites as a result of purchases being made on those sites. These do not include credit card or other financial information apart from amounts paid and the form of payment (credit card, PayPal etc.). Names, addresses and email details are stored along with the transaction date, amount paid and status (failed, error, completed etc.) of each transaction.
Where is data held?
Our Office
We hold any or all of the above data on hard drives in our registered office. The hard drives are not accessible by unauthorised persons and are password protected.
Stripe
We use Stripe Payments to process transactions on our websites. Stripe’s services in Europe are provided by a Stripe affiliate—Stripe Payments Europe Limited (“Stripe Payments Europe”)—an entity located in Ireland. In providing Stripe Services, Stripe Payments Europe transfers personal data to Stripe, Inc. in the US. To ensure the adequate protection of personal data, Stripe have certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework. Their Privacy Shield Policy is available here: https://stripe.com/privacy-shield-policy. They claim to be fully GDPR compliant.
Dropbox
Backups of our databases including any or all of the above data are uploaded to Dropbox servers. File data in transit between Dropbox clients (backup apps on our websites) and the hosted service is encrypted via SSL/TLS. Dropbox’s Legal, Trust, and Privacy teams have carefully analysed the GDPR and are undertaking the necessary steps to ensure that they comply.
Dropbox claim they will meet the requirements of the GDPR by 25 May 2018 (https://www.dropbox.com/en_GB/security/GDPR).
See also Dropbox privacy policy: https://www.dropbox.com/help/security/privacy-policy-faq
Siteground Servers
Our websites are hosted with Siteground who are GDPR compliant as a data processor. Their Data Processing Agreement can be seen here: https://www.siteground.co.uk/term/297.htm?scid=2&lang=en
Mailchimp
Who is the data shared with?
No personal data is shared by Osis without the explicit consent in writing from all parties.
How long do we need to keep personal data?
Contact details are held as long as they may be required in order to facilitate business between Osis and 3rd parties, unless their deletion is requested. Transaction data will not be held longer than 7 years.
Our compliance through documented activity
Osis GDPR Compliance Audit taken 24 May 2018. Documented online at https://docs.google.com/spreadsheets/d/1aMOLcjubuef78DJuNEd2PI1wBr3iZ20NgS9buTV5Ah4/edit?usp=sharing
Osis privacy notes in line with GDPR
The Osis Privacy Statement is on our website at https://accounts.osisdesign.co.uk/privacy-policy/
Subject access request procedure
Parties may request access to and/or deletion of their personal data by emailing info@osisdesign.co.uk. We will comply within 30 days.
Consent used to obtain personal data
All personal data we hold of 3rd parties has been obtained through either explicit consent via a web form tickbox or similar device; or by implied consent whereby a business or other transaction is the purpose of the communication and associated transfer of personal information.
Process for notification of data breach
We will endeavour to notify all affected individuals of any data breach involving personal or sensitive data within 24 hours of our first awareness of the breach. Individuals will be notified via email. We will endeavour to minimise, where at all possible, any harmful effects of such a breach.
Who is responsible for the process
The person responsible for this process is Shannon Ribbons, the Director of Osis Design.
Effective date
This policy was created on 23 May 2018
Latest update: 26 May 2018