Executive Summary
On May 25, 2018, all the EU Members states have implemented a new data privacy and protection related regulation, General Data Protection Regulation (the GDPR). The GDPR reinforces existing data protection rights of individuals in the EU, adds new ones and introduces a new “accountability” based regulatory regime. Post-Brexit, the United Kingdom (the “UK”) is not an EU member state and has adopted the UK GDPR (similar to the GDPR), for data protection rights of individuals in the UK.
At Celoxis, we take compliances very seriously. For the GDPR and the UK GDPR, we are working diligently to ensure that we are compliant with the rules laid out by the law and provide product functionality that enables our customers to remain compliant. In the following sections, we have outlined our approach to comply with the regulations outlined in the law.
Celoxis GDPR Compliance
Celoxis currently offers the following software solutions:
- Celoxis - project management software
- Offered in cloud-based and on-premise deployment modes, this tool helps customers manage their projects, resources, finances, and collaboration.
- Tuskr - test management software
- A cloud-based service that helps customers manage their test cases and their test runs.
Because our platform and website are used by our clients for the purposes described above, we process certain amount of personal data of our clients in the capacity of a Data Controller (for any personal information submitted on the website) as well as a Data Processor (for our clients, who submit certain personal information as a part of use of our software platforms).
Data Subject Consent
As a Data Controller, Celoxis has updated its Privacy Policies, Cookies Policy and Disclaimer for the usage of the Cookies in as per the requirements of the GDPR and the UK GDPR on its website www.celoxis.com . Celoxis requires all the visitors, users of its website to provide an unequivocal consent. Celoxis also provides various rights to such users in relation modification, rectification, deletion of their data provided to Celoxis.
As a Data Processor, we also require the employees and authorised personnel of our clients to sign up using their emails to access our platform and this is achieved through our contractual engagement with our clients.
Data Subject Rights & Transfer of Data Outside EU and UK
Celoxis has in place an article 28 the GDPR-compliant data processing addendum including the latest EU Standard Contractual Clauses to ensure an appropriate legal basis for data transfers outside the EU. Further for data transfers outside the UK, Celoxis has transfer mechanisms compliant with the UK GDPR.
Record Keeping as per GDPR
According to Article 30 of the EU GDPR and the UK GDPR, each processor and controller’s representative need to maintain a record of all activities pertaining the personal information of a data subject. Celoxis maintains a controller processing record as required under Article 30(1) of the GDPR and the UK GDPR as well as processor processing record as required under Article 30(2) of the GDPR and the UK GDPR.
Data Breach and Mitigation Process
Article 33 of the GDPR and the UK GDPR says that for any potential data breach, the supervisory authority must be notified within 72 hours of occurrence. Celoxis has sufficient data monitoring mechanisms in place to become aware of any such breach. On discovery of a breach, Celoxis intends to notify the customer (controller) of the occurrence immediately, not exceeding 24 hours after the occurrence. The communication will be sent as per the guideline mentioned in Article 33. This will give sufficient time for our customers to convey the breach to the respective authorities.
Celoxis Promise on GDPR
At Celoxis, maintaining the security, integrity, safety and confidentiality of our client’s data is of a highest priority. Celoxis has already taken adequate measures to ensure that we fulfil our promise of being fully compliant with the GDPR and the UK GDPR! In case you have any queries, please feel free to reach us at [js em address].