Data Security & GDPR
Data Security & GDPR
DATA SECURITY AND INTEGRITY
Paperless’ end-to-end encryption ensures all data are secure in transit, stored on ISO27001 compliant web servers and can only be accessed by authorised users.
SECURITY BY DESIGN
Data security by design and end-to-end encryption, ensures your organisation remains GDPR compliant and secure. Benefit from the track and traceability of documents and protect records and sensitive personal information by ensuring only designated staff to have access.Safeguarding data is an integral part of our business, we have therefore opted to host all data to the highest possible level with Amazon’s ISO27001 compliant AWS cloud infrastructure.
Obligations under GDPR
Paperless Construction Limited recognises the significance of its compliance obligations in respect of both Data Protection and Information Security in relation to the GDPR. Safeguarding data is an integral part of our business, we have therefore opted to host all data to the highest possible level with Amazon’s AWS cloud infrastructure.
Data Controller Vs Data Processor
GDPR and defined by ICO, draws a distinction between a data 'controller’ and a ‘data processor’ to recognise that not all organisations involved in the processing of personal data have the same degree of responsibility.
Paperless Construction Limited’s customers are the Data Controller as defined by GDPR. The Client (Data Controller) determines the legal basis, purposes and the way any data is processed.
Paperless Construction Limited is the Data Processor on behalf of the Data Controller\customer and processes data under the instruction and on the behalf of the Client. It is the responsibility of the data controller to ensure that a legal basis for the collection of all personal data, has been established and where necessary explicit consent obtained from the end-users.
Types of data being processed
Paperless Construction Limited processes the following categories of personal data on behalf of our customers:
Personal Data (contact information, location information, emergency contact, photos, signatures, competencies, medical information etc.)
Sensitive Personal Data (Optional - medical information )
Our customers decide what data we process on their behalf and as data processors, we only process information under the instruction and on behalf of our customers
Access to Data
All data are classified as sensitive, are not shared with any 3rd parties and are only accessible to users authorized by the respective Data Controller (Client)