Since May 2018, any company that has dealings within the European Union has had to comply with the new GDPR (General Data Protection Regulations) directive. This is a complex set of regulations that concerns the integrity and protection of all personal data held by companies. This page defines exactly what this means for Omega clients by explaining the relevant parts of the regulations and the clients’ rights.
Omega’s Legal Obligations
As the provider, Omega is required to provide certain protections to client data and to make information concerning your personal data readily available. Omega must explain where and how we store your information, our policies concerning confidentiality and security, and what we will do in the unlikely event of a security breach. While Omega has tried to break down the legal language of GDPR, inevitably we have had to use some of the necessary technical language.
The following sections will cover these areas in greater depth.
#1) The only personal data Omega holds concerns client names, email addresses, phone numbers and occasionally the client address. In terms of Physical Security, this data is stored on an Omega-owned computer in an Excel file with an additional backup on a flash drive. The devices are stored in a secure location within Omega premises that are fitted with an alarm.
#2) In terms of Data Security, Omega maintains the data of clients on its devices using best practices. We take a proactive approach in maintaining antivirus, anti-malware and anti-spam protections as well as a good password policy. We do our best to keep our website, email and client personal data out of reach of hackers or other malicious individuals.
#3) Omega do not currently hold any client financial data (e.g. bank account numbers). Should this change in the future, it will be stored as described in #1 and #2 above.
#4) For clients using PayPal, Omega has no access to account data and this falls under the scope of PayPal’s GDPR policy.
#5) Omega do not use mass email tools such as Mailchimp and thus any GDPR policies concerning such tools are irrelevant to Omega practices.
#6) Omega do not send unsolicited or mass emails.
#7) Omega keeps client data, including emails, indefinitely unless specifically directed to delete them (see the Your Additional Legal Rights section below). Our view is that this is the easiest way to comply with GDPR without additional complexity. Data within the emails is kept in accordance with the principles laid out in Terms #1, #2 and #3 and on the email server, which is subject to the GDPR policies of the provider (one.com – Omega's Internet Service Provider).
#8) In the unlikely event of a security breach concerning Physical Security (for example a device being stolen or lost) and/or Data Security (for example data being hacked by a malicious individual), Omega are obliged to inform any potentially affected clients within 24 hours as to the possible consequences and the remedial actions that Omega plan to implement to mitigate such a breach. Once the breach is mitigated, Omega are required to inform the client of its successful closure.
Your Additional Legal Rights
In addition to Omega's legal obligations to clients, clients also have additional rights, not defined above, concerning their personal data. These broadly divide into two key legal areas that are covered in the terms defined below, namely the client’s right to raise a data request and the right to be forgotten.
Omega take GDPR and your rights seriously.
#9) The client has the right to make a data request at any time, concerning any personal data that Omega stores. Omega are legally obliged to provide such data, including the nature of the data and where it is stored, in a timely manner. In order to raise such a Data Request, please use our Contact Form. Use the title Data Request in the Subject field before outlining your exact request in the Your Message field. Failure to do this may lead to a delay in handling your request.
#10) The client has the right to be forgotten. Omega are legally obliged to delete any client data held, which leads to the client being effectively forgotten. This includes any emails, personal contact details and other documents held by Omega. In order to raise such a Delete Data Request, please use our Contact Form. Use the title Delete Data Request in the Subject field before outlining your exact request in the Your Message field. Failure to do this may lead to a delay in handling your request.
#11) GDPR covers any organisation that operates within or trades with the European Union. Omega is aware that Brexit makes the position of the United Kingdom ambiguous and thus, for simplicity, Omega has decided that it is best practice to conform to GDPR whatever the status of the United Kingdom and the European Union.
#12) From time to time Omega will revisit this page to ensure compliance as legislation evolves.
A PDF version of this document is also available here for download.