Privacy Policy (GDPR)
Terms and Definitions
  • “staff” and “users” means all of those who work under our control, including employees, contractors, interns etc.
  • “we” and “us” refer to ExamTrack.
Overview

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU) and will be enforceable from May 25, 2018 and requires no enabling legislation so automatically becomes binding and applicable on that date.

The General Data Protection Regulation (GDPR). The GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects. The GDPR applies to data processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

ExamTrack places high importance on information security and within our organisation we already comply with an ISO standard that focus on information data security including ISO 27001.

ExamTrack are:

  • Processors for our hosted client data.
  • Controllers of our client and supplier contact information, required to; manage & deliver services under contract; manage customer requests & incidents.
  • Controllers for personnel information in relation to ExamTrack employees
Our Approach

During our journey to GDPR compliance ExamTrack has been and is continuing to work very closely with a consultant to ensure we have the expertise required to implement the legislation requirements accurately and comprehensively.

ExamTrack view GDPR as a constant programme that will require continuous monitoring, management and improvement.

Actions Taken
  • Information Audit – We carry out audits of information previously held and ensured that it is compliant with the new regulations.
  • Policies and Procedures – We have revised data protection policies and procedures to meet the requirements and standards of the GDPR and ISO 27001.
  • GDPR training and awareness – Internal staff briefings and training have been carried out and senior management are aware of their responsibilities.
  • Supplier and Partners – Where required, GDPR supplier agreements are completed to ensure that our third party and suppliers are complying with GDPR.
  • Technology Reviews- We are reviewing our technology platforms to analyse their operation, security compliance in order to ensure that they meet the standards we have laid down and identify any gaps and risk.
Breaches of policy

ExamTrack will take all necessary measures to remedy any breach of this policy including the use of our disciplinary or contractual processes where appropriate.

ISO27001:2013 Accredited Organisation  ICO Registered Company Cyber Essentials