Data Protection and Security
      Back to home
      1. Support Center
      2. Data Protection and Security

      EU General Data Protection Regulations (GDPR)

      How SwipedOn is committed to the GDPR

       

      The General Data Protection Regulation (GDPR) is an EU data privacy law that has been in force since 25th of May, 2018.

      SwipedOn is committed to GDPR and supporting our customers in their compliance. You can see how we suggest using SwipedOn in line with the GDPR here: 

      SwipedOn and the GDPR

       

      We've worked extremely hard in preparation for GDPR. 

      This has involved:

      • Appointing a Data Protection Officer.

      • Auditing our policies and procedures and bringing them in line with requirements.

      • Conducting a full end-to-end information audit and data process mapping exercise, with a corresponding gap analysis and GDPR roadmap.

      • Planning and implementing product changes, specifically around data management and data access.

      What is the GDPR? 

      GDPR’s primary purpose is to create one coherent data protection framework across the EU. In doing this, GDPR substantially enhances data protection and privacy rights for persons in the EU, and imposes a comprehensive set of principles and obligations with which a lot of organisations operating or offering products and services in the EU must comply.

      The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

      How is SwipedOn aligned with the GDPR? 

      Data Protection Officer - Erin Horton

      Appointed by our Leadership Team, Erin Horton is SwipedOn's Data Protection Officer. It's a responsibility not taken lightly, and we're fully aware of the serious and fundamental challenge data protection poses to digital businesses such as ours across the globe. If you have any GDPR-related questions, please forward these to Erin at privacy@swipedon.com.

      We've updated our Terms of Service & Privacy Policy

      Our Terms of Service, Privacy Policy, and Website terms are all updated. Additionally, we've added a GDPR-specific Addendum to our Terms of Service that outlines all of these specific clauses we will adhere to (such as Model Clauses, etc.). 

      Training, up-skilling and values

      We've embarked on company-wide awareness and familiarisation training exercises to ensure everyone knows their duties and responsibilities surrounding data protection.  

      We've also re-visited our core values and made Data Protection and Security a table stakes initiative. We wish to live by the mantra - Data Protection by Design.

      We've built new features

      Our team has been busy building the necessary features that will enable our customers to:

      • archive data linked to an individual visitor or employee;

      • anonymize and delete data linked to an individual visitor or employee;

      • anonymize 'visits' linked to an individual visitor based on a date range search (we will implement the automation of this task in the future);

      • change the way visitors sign into the iPad or tablet application so as to mitigate data leaks and unauthorised information access. 

      We’ve communicated our sub-processor list

      We’ve reviewed all our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them. 

      We've implemented new security measures

      Security is a priority for us. We annually engage external third-party security audits and pen tests. We're also ISO27001 certified, which provides independent proof that their ISMS practices and procedures are safe and relevant and ensures SwipedOn are continually improving our internal security processes. 

      As part of a top-down initiative, we've reviewed and updated the following policies and procedures:

      • Security procedures and processes

      • Data processing agreements (sub-processors)

      • Terms of Service

      • Privacy Policy (and EU Privacy Policy Addendum)

      • Website Policy

      • Cookie Policy

      • Contingency Plans

      • Data Subject Requests for Information

      • Data Breach Contingency plans and processes

      Finally, it's important to note that SwipedOn supports the intent behind the GDPR legislation. We believe that all our customers will benefit from the work we've done to protect the privacy and security of your company and visitors. 

      If you would like to discuss anything about GDPR with us, please do not hesitate to reach out to the team at privacy@swipedon.com.