The General Data Protection Regulation (GDPR) is the data privacy framework of the European Union. It establishes important rights for EU citizens and obligations for companies, including the need to demonstrate compliance.
The processing of personal data is not a core part of our business, and our activities don't create risks for the privacy of individuals. Many of the obligations of the GDPR do not apply to MaxGrip. However, we do recognize the relevance of the GDPR as an important achievement for our society. It has always been part of our corporate values to commit ourselves to preventing the abuse of personal data and any inappropriate interference with the privacy of our clients.
In practice, we may collect personal data because:
- We have a legal reason (allowed by law or under contract) to collect the data, or
- The individual wants us to do so for a specific purpose, such as entering a contract with us.
In other circumstances we may receive personal data, for example when someone visits our website, or from third parties including advertising networks, delivery services, payment agencies and tax authorities. In all situations, the data stored or processed by us is not sold, rented or used for trade in any manner. This data is used solely for our internal business operations. In this document we briefly explain how we protect the personal data collected and/or processed by us.
As a software house we want to ensure that the products we market are designed with standards of security and privacy. We understand the technical and information security needed in the development chain of our products. All development partners of MaxGrip must therefore be ISO27001 certified and operate in conformance with the GDPR.
Currently, the products we make available to the market are not intended to store any personal data. In any case, when purchasing our products, personal data protection can be ensured by the application and infrastructure used by us. Our clients can choose, for example, not to use account details that are directly related to a natural person.
The commercial terms and conditions applicable to our business have been reviewed according to the GDPR requirements. This includes, among others, contracts relating to marketing activities, suppliers and sub-processors. We want to ensure that third parties dealing with personal data provided by MaxGrip follow the security requirements of the GDPR. Our main contractual partner for the storage of internal data is Microsoft. The information related to business contacts is currently stored in the CRM system of MaxGrip, owned by Microsoft. This means we have chosen to work with the leading industry standards for information security and loss prevention.
We have selected IT systems that provide high levels of safety and quality for what we do. Currently, we have a comprehensive set of security capabilities, including a formal registration and deregistration procedure for assigning access rights to computer systems. Relevant information establishing security rules is also in place, such as strong password policies, a secure network, intrusion detection and a clear screen and clear desk policy. In addition, we have protocols for confidentiality and intellectual property matters applicable to the use of and access to computer systems. Any access to contact persons' data (business contacts) happens on a need-to-know basis and after permission has been granted by the client. The data centers we use are protected by leading standards of security, including protection against accidental destruction and a disaster recovery plan. Our IT policy describes the entry and exit procedure, including our access rights to perform regular security checks.
MaxGrip has adequate physical security, which includes authentication mechanisms, visitor identification and a reception desk. Only specific persons within MaxGrip have access to personal data. Access to areas where personal information is processed or stored is restricted to authorized personnel.
MaxGrip confirms that all storage units owned by our cloud provider are fully compliant with privacy and data protection regulations globally. Our partners make a security operations center and an artificial intelligence team available to support MaxGrip and to monitor and protect against threats in the cloud that may affect our business. Detailed information on service levels and storage of data in the cloud is available. MaxGrip has remote access/remote work and cloud data sharing policies in place.
It is important to recognize that compliance is a shared responsibility within a wide business ecosystem. We therefore commit ourselves to doing our part on this long road towards compliance with the GDPR.
All notices, confirmations and other information related to this document shall be in writing and sent by e-mail to: email@example.com