We have identified important implementation points from the GDPR guidelines and have made an effort to address them systematically and lawfully. The following are the ones we will address:
Right of access by the data subject, Art. 15 GDPR
Right to rectification, Art. 16 GDPR
Right to erasure ('right to be forgotten'), Art. 17 GDPR
Right to restriction of processing, Art. 18 GDPR
Right to data portability, Art. 20 GDPR
Right to object, Art. 21 GDPR
We have used WHMCS as our billing and client management system since the launch of our operations. The system provides fully encrypted SSL-based communication with high-security EV SSL implemented on our domain https://www.tecsys.in. The system is the place so far where mandatory client information is being stored. The system is completely secure with IP-based access instructions and all security lockdowns and restrictions in place for utmost data security. The servers housing our system are located in a Europe-based DC which is GDPR compliant, and so flow of information within Europe should not be an issue.
The name and location of the datacenter and our servers is: OVH Hosting. The servers are located in Strasbourg and Roubaix with failover network IPs within Europe.
We have upgraded to version 7.5 of WHMCS for our billing and client management. This version of WHMCS provides a lot of functions which help with GDPR compliance. We have enabled all needed options available in this version to provide easy compliance to customers.
We provide client area login and access to all our clients using WHMCS, giving them a full view of all the information that has been shared with us.
The client area from WHMCS is a self-service portal from where we have enabled and provided rights for customers to edit their own information stored with us.
On requesting a cancellation from the client area or via a ticket for their services, clients have the right to ask for removal and erasure of all their mandatory information shared during the period of the service.
The client area provides opt-in and opt-out access to all our communications other than service requests. Our system integrates a fully operational helpdesk, and communication from and to the helpdesk is part of the service provided to the clients. This would thus be termed mandatory communication. We would not, however, process or re-process, distribute, duplicate or share any mandatory information shared with us with any individual, third party or anyone else under any conditions. All our employees have a legal Non-Disclosure Agreement signed with us and so are legally barred from disclosing any information as well.
As we currently host our only billing system within Europe, we have already covered our customers' right to keep their data in Europe.
Customers have the right to object and request removal or modification of any data stored during the period of the service. You can file a written objection with us by sending an email to firstname.lastname@example.org if the client area options do not facilitate the change you want to make.
Our services cover certain mandatory aspects of data sharing which cannot be completely blacked out. The storage of such data is purposeful and needed for proper rendering of the service the customer has paid for. Examples of Data and Purpose are seen below:
Email Address = Communication related to service and billing
Client Name = Needed for Invoicing and prevention of Anonymous Invoicing
Company Name = Needed for Invoicing
Country = Needed for Identification of EU and Non-EU client
Invoices = Needed for Taxation purposes
We may disclose any data stored with us to established Law Enforcement Agencies if needed.
As per the new guidelines, we would clean up and remove all data related to cancelled client accounts as soon as taxation and accounts clearances and calculations are filed.