1. Introduction
1.1 We have designed our business and its systems from the bottom up with privacy in mind and have taken every step to comply with the Data Protection Act 1998 (the “Act”) and EU Regulation 2016/679 – the General Data Protection Regulation in effect from 25 May 2018 (“GDPR”), including working towards a Data Protection Impact Assessment (DPIA) and assigning a Data Protection Officer (DPO).
1.2 We are ICO registered with registration number ZA241061.
2. Security
2.1 All resident information you provide to us is stored using Amazon Web Services and hosted within the European Economic Area (“EEA”), as per the GDPR.
2.2 Any payment transactions and database information are encrypted using SSL technology and AES-256 (the top end of the NHS recommended standards) respectively.
2.3 Access to data is only granted with valid login credentials to users who have been given access by care providers themselves.
3. Control of data
3.1 Cross Digital Ltd is strictly a Data Processor as defined in Article 28 of the GDPR. We do not own data entered into our system; this is passed on by each care provider who is classed as a Data Controller.
4. Your data compliance
4.1 As a care provider you are a Data Controller and should, by law, carry out a Data Protection Impact Assessment (DPIA). Essentially, it’s a risk assessment of what could go wrong in the cyber world.
