General Data Protection Regulation (GDPR) Statement

Call-It Automotive Executive Summary

Call-It Automotive (CIA) welcomes the introduction of GDPR in May 2018. The solutions and platform that CIA offers is supplied by our business solely located in the UK, utilising hosting facilities solely based in the UK. CIA has always taken all information security seriously including that of personal data regardless as to whether CIA is considered a processor or controller.

In terms of the GDPR CIA has been working towards being fully compliant throughout 2017 in order to ensure that CIA customers can be certain that they are dealing with a fully compliant GDPR business and software platform. The work will conclude prior to the May 2018 date for introduction of the regulation.

CIA will be providing documentation to customers detailing how the software platform and CIA as an organisation are fully compliant with all aspects of GDPR.

Assessment

CIA has assessed every paragraph of the GDPR and matched its own activities and products against all of those paragraphs in four key areas. GroupBC considered the regulation against GroupBC as

  1. A data controller of its own employee data.
  2. A data controller or processor of third party data such as activity relating to direct marketing.
  3. A Software as a Service (SaaS) supplier.
  4. A business that develops software.

A public document will be made available that details the policies and activities that CIA employs matched to the clauses of the GDPR should any customer have a detailed question in respect of compliance.

CIA will also provide a document that details the features of the SaaS provision that means you can have confidence that the organisation and software you are working with are fully GDPR compliant.

CIA is engaged on the path of ISO 27001:2013 certification to demonstrate its commitment to Information Security. Certification is aimed to be achieved in Q4-2018

CIA is hosted solely from UK data centres.

Activity

CIA is amending its activities and associated policies and procedures as necessary in order to fully comply with GDPR following a thorough assessment.

CIA is amending its customer and supplier contracts to ensure the GDPR reaches throughout the supply chain for the provision of its SaaS services.

CIA is reviewing all of its suppliers for compliance with GDPR paying very close attention to its marketing activity suppliers.

CIA is carrying out Privacy Impact Assessments as necessary.

CIA will be offering additional cyber security options for customers who feel they would like to increase their monitoring of activity in relation to their own specific system.

CIA website, reporting platform and direct marketing activity is being updated so that customers have the assurance that they will be contacted and treated in accordance with GDPR requirements. The website will contain CIA’s privacy policies clearly identified.

The SaaS platform is being fully reviewed and will be amended if required. The software is already developed under the guidance of CIA’s secure development requirements.

CIA will be maintaining accreditations that demonstrate its commitment to information security, including personal data.

If you have any query regarding the above GDPR Statement, please contact CIA at the following e-mail address: data.support@callitautomotive.com