- Resources
Latest Blog POST
UK GDPR Policy
The General Data Protection Regulation (GDPR) imposes strict controls on how all organisations collect and process personal data within the EU and/or the personal data of EU citizens.
The enforcement of the GDPR is overseen by the UK’s supervisory authority, the Information Commissioner’s Office (ICO). It ensures that everyone is playing by the rules and that the rights of data subjects – the people whose data is being processed – are correctly protected.
Those individuals or businesses which determine the purposes and means of processing personal data are referred to as data controllers under the GDPR, whereas a data processor is responsible for processing data on behalf of the data controller.
The regulation outlines six key principles for organisations that process individuals’ personal information. These are that data shall be:
We’re continually improving the technical and organisational security measures we have to protect your data and are committed to being fully compliant with GDPR. We will also support you with your compliance obligations regarding any customer data held within Crocodile.
Here are some of the actions we’ve taken to ensure compliance with the GDPR:
We have a company-wide commitment to compliance with the GDPR. Everyone working at Crocodile understands their responsibilites and those of the company.
We have undertaken an extensive audit to document what data we hold, where we store it, where that data comes from and where it goes. This enables us to keep track of all data and make the right decisions for making sure that your information is always protected.
Our Privacy Policy details exactly how, why and where we may be processing your data, how long we hold it for and what you can do if you don’t think we’re doing a great job.
By signing up to Crocodile, you are entering into an agreement which gives us a legitimate basis to process your data, in line with GDPR requirements. In other words, in order for you to benefit fully from using Crocodile, we need to process some of your data.
However, in order to keep you up to date with helpful tips, events, exciting news and offers, we will need your explicit consent. We make sure it’s obvious where and how you can agree to this and you can unsubscribe from these updates at any time.
Under the GDPR you have the right to see a full copy of any data we hold about you, and also the right to request that it is fully deleted from our system (although we may be required to keep some records to ensure that you are not contacted in future, or to comply with any legal obligations).
This is also true for the data you hold about your customers within Crocodile – you need to be able to adhere to GDPR requirements too and it is our job to help you do that.
We are constantly improving our security measures to keep the information we hold within Crocodile safe and whenever we work with third parties (subprocessors) to help us provide our service, we ensure that their security processes are as robust as our own.
We are continually adding features to our service to improve security. This includes features such as active sessions, login attempts and 2-Step Verification.
Crocodile makes it easy for you to maintain an accurate and up-to-date record of your contact’s details. When you update a contact’s information on their contact card, Crocodile automatically pulls the latest information through to any new invoices or emails. This only applies to newly created documents, however; any historic invoices or emails stored in Crocodile will still contain the information that was correct at the time you created them. This is because HMRC says that you need to keep full copies of your historic information.
Using the Export All Data feature on Crocodile makes it easy to create a copy of all the data you hold on a contact. This feature exports all your data from your Crocodile account along with all your files and attachments.
We are constantly improving our security measures to keep the information we hold within Crocodile safe and whenever we work with third parties (subprocessors) to help us provide our service, we ensure that their security processes are as robust as our own.
Crocodile makes it easy to maintain up-to-date records. Updating a client’s information on the client details page will automatically pull the latest information through to their account. Similarly if a client updates their information via their own account, this will pull through to your dashboard.
Using the Export All Data feature makes it easy to create a copy of all the data you hold for a client on Crocodile. This feature exports all account data from their Crocodile account along with all files and attachments associated with that client.
If one of your clients asks for their information to be permanently removed from your records, they have the right to have their data deleted as fully as possible. (Under GDPR this is the responsibility of the data controller, so if one of your clients asks Crocodile to delete their information, we have to refer them back to you).
You can remove your access to a client’s data directly from your Practice Dashboard. This will not delete the client’s data, but will transfer their account to one which is directly managed by them, removing your access to the data. The data held in the account is then their responsibility to manage or delete.
If you ever want to contact us about GDPR, data protection or to find out more about how we process your data, please feel free to drop an email to legal@brightbee.uk and somebody will get back to you as soon as possible.
The UK Information Commissioner’s Office website is a great resource for GDPR information: https://www.ico.org.uk
Crocodile® is HR Software designed with small British businesses in mind. Whether your business is a start-up, growing, established or a Charity we are sure Crocodile can help your business.
Would you like a free demo of Crocodile?
We’d love to give you a free and personalised demo of Crocodile. Please feel free to fill in the contact form and we’ll be in touch.