Maestrano and GDPR Compliance
This statement was produced on 24th May 2018. Maestrano reserves the right to update this statement on an ongoing basis and such updates will be published on our website.
GDPR (General Data Protection Regulation) imposes strict controls on how all organisations collect and process personal data within the European Union and/or personal data of EU citizens.
The regulation outlines six key principles for organisations that process individuals’ personal information. These are that data shall be:
- processed lawfully, fairly and transparently
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary for processing
- accurate and kept up to date
- retained only for as long as necessary
- processed in an appropriate manner to maintain security
What has Maestrano done to prepare for GDPR?
We are constantly improving the technical and organisational security measures we have in place to protect your data and ensure we are fully compliant with GDPR. The work we are doing will also assist with your own compliance obligations regarding any customer data held within Maestrano or platforms delivered by Maestrano.
Under the terms of GDPR, Maestrano will only collect, store and process personal data required to perform the Services provided by Maestrano (e.g. contact details, IP addresses). We will not collect, store or process data that is labelled as sensitive under GDPR, including but not limited to data that reveals racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union memberships, genetic data, data concerning health or sexual orientation.
Maestrano sales will handle personal data in the following contexts:
- Contact information collected and used for cold outreach (email & phone)
- Prospect information used during engagement, potentially leading to a sale
- Post-sale customer information
Personal data is held in the following systems:
- Corporate (Gmail) address book
- CRM (HubSpot currently)
Here are some of the ways we are ensuring that we are fully GDPR compliant.
Awareness & accountability
We have a company-wide commitment to ensuring complete compliance with GDPR. Our progress is communicated throughout all departments each quarter, so that everyone working at Maestrano understands what needs to be done and by when.
We are undertaking an extensive audit to clearly document what data we hold, where we hold it, where that data comes from and where it potentially goes. This enables us to keep track of all data and allows us to make the right decisions to ensure that your data is always protected.
We have updated our Privacy and Cookie Policies along with our Terms of Service so that you can see exactly how, why, where and for how long we may be processing and holding your data. You can contact us on email@example.com at any point in time if you have questions or would like to lodge a complaint.
Basis and consent
By signing up to Maestrano, you are entering into an agreement which gives us a legitimate basis to process your data, in line with GDPR requirements. In order for you to benefit fully from the Services provided by Maestrano, we will need to process some of your data.
However, in order to keep you up to date with helpful tips, events and exciting news, we will need your explicit consent. Such consent will be requested explicitly when the need arises.
Under GDPR you have the right to see a full copy of any data we hold about you, and also the right to request that it is fully deleted from our system (although we may be required to keep some records to ensure that you are not contacted in future, or to comply with any legal obligations).
This is also true for the data you hold about your customers within our Services – you need to be able to adhere to GDPR requirements too, and we are willing to support you with this. We will continue to keep you updated with our progress on this via the website, newsletters or social media.
Security is a priority in everything we do while developing and delivering Maestrano. We are constantly evaluating potential threats to understand if there is any risk to your data. As potential threats are constantly evolving, we use a number of technical and organisational measures – which are also continually adapting – to stay ahead of potential threats.
Maestrano is a Global Group incorporated under the laws of the United Kingdom, so we ultimately answer to the UK Information Commissioner’s Office (ICO) regarding Data Privacy and Protection.
Despite all our best efforts, should the unthinkable happen and we suffer a significant data breach that puts your personal data at risk, we have a legal duty to report this to the ICO within 72 hours of discovery. We have updated our internal Security Incident Response Policy and Procedures to include mandatory notification requirements, both with the ICO and publicly with you, our customers.
Maintaining your privacy is of the utmost importance to us.
If you want to contact us about GDPR, data protection or how we handle your data in general, please contact us on firstname.lastname@example.org and we will get back to you promptly.
Where can I learn more about GDPR?
You can go directly to the European Commission website for a full rundown of everything GDPR-related: https://ico.org.uk/for-organisations/data-protection-reform
The UK Information Commissioner’s Office website is another great resource for GDPR info: http://ec.europa.eu/justice/data-protection/index_en.htm