
GDPR Policy

General Data Protection Regulation
(GDPR policy – VizBook – Visitor Management App)

The EU General Data Protection Regulation (GDPR) sets a new standard for how companies use and protect EU citizens’ personal data. It took effect on 25th of May 2018.
We are committed to helping our customers comply with the GDPR by providing the best industry-standard privacy and security protections, which are built into our services.
What are your responsibilities as a customer?
Our customers will typically act as the data controller for any personal data they provide to vizbook.co.uk in connection with their use of our software services. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. Vizbook, owned by Cloud Stem Ltd, is a data processor and processes personal data on behalf of the data controller when they use our cloud services.
Data protection and Data Queries
We have a dedicated Data Protection Officer to help you with any requests or questions you have about your data. You can reach us by emailing info@vizbook.co.uk.

Cloud Infrastructure and Systems

Where is our data center based? North Europe, West Europe
What security accreditations does our cloud provider have? ISO/IEC, CSA/CCM, ITAR, CJIS, HIPAA, IRS 1075
Who has access to your data? Technical Customer service team
Is data encrypted on our servers at rest? Yes, we use Transparent data encryption (TDE) to encrypt your SQL data and all your documents are encrypted through 256-bit AES encryption, one of the strongest block ciphers available.

Data retention / encryption / deletion

For how long do we retain your data? We never delete your data until you ask us to do so by email. The duration of your data retention is your responsibility.
For what period is your data stored in backups? 35 days
Where do we store backups? North Europe, West Europe
Is Personal Data encrypted at rest? Yes, we use Transparent data encryption (TDE) and 256-bit AES encryption.

Third Parties

Is your data shared or passed on to any third parties? No. We use Microsoft Azure as a Cloud infrastructure, SendGrid for transmitting our emails and Twilio for SMS.

Logs and Analytics

Do we regularly keep, review and access transaction logs on all networks storing/processing our data? Yes
Is access to all logs recorded and monitored? Yes
Are all logs encrypted? Yes
For what period is your data stored in Logs? 35 days
Do we monitor and analyze the logs? Yes, we analyze logs and build reports on how our services are performing.

Data Breach

Do we have a breach notification mechanism? Yes
Have we had a security breach within the last 24 months? No
Do we notify customers of any suspected breach? Yes, as soon as possible.

Regions / Outside of EEA

Is any data transferred outside of the EEA? No
Is any Cloud system used outside of the EEA to store data? No

Security

Could you please describe the physical security server access that protects our data? Physical security of our cloud infrastructure is managed by Microsoft Azure
Could you please describe the physical security of office access? Physical security of our offices is managed by us.
What are our password complexity rules? We use AES-GCM-256 authenticated encryption for password complexity.

Software Development

Is production data used in test, release or development environments? No
We use a secure development policy and use Scrum as a methodology.
Describe the separation of development, test and operational facilities? We have completely separate environments for Development, Testing and Production.

What information do we store about our customers?

  • First Name
  • Last Name
  • Email
  • Username
  • Password
  • Country
  • State/Province
  • IP Address/Location Info
  • Timezone
  • Stripe Payment Info.
  • Company Name
  • Address

How do we use our customers' information?

  • To provide software and cloud services
  • For ongoing promotional software product emails (customers can unsubscribe at any time by clicking the unsubscribe button in the promotional emails)