VISAV Limited GDPR (May 2018)
IntroductionVISAV Limited (VISAV) take great care to protect your data at all times, with the team working hard to keep your data safe and secure. We are prepared and ready to welcome The General Data Protection Regulation (GDPR) (EU) 2016/679 laws coming into action on the 25th May 2018, as it enforces good practice in protecting customer data.
VISAV, the company which developed and operates the Neighbourhood Alert system, is liable to comply with all the Acts listed below:
- Data Protection Act 1998/ 2018 (in process)
- General Data Protection Regulation (GDPR)
- The Privacy and Electronic Communications Regulations Act 2003 (PECR)
- Freedom of Information Act 2000
- Computer Misuse Act 1990
We have outlined our policies, how our system works and what all our customers’ information is used for in our Privacy Statement, located at the start of our registration process. System changes have been implemented in the Neighbourhood Alert product portfolio (which includes Rapport, Community View, Social Sense and Statistical Reporting Systems) to ensure compliance with the Acts/regulations listed above.
Who can see your data?VISAV is both a data controller and a data processor. Public authority and safety organisations are represented on the Neighbourhood Alert system; these are called Information Providers (IP’s).
Each IP is a Data Controller and responsible for ensuring that access to data is restricted appropriately. Your data will not be shared without your explicit, opt-in consent and you can withdraw this permission at any time by logging in, using the settings button on any Alert email or contacting VISAV.
Why we need your data?This is so that IP’s will be able to send you messages and manage the growth of active citizen-based communities. Messages are tailored to your requirements by the information you provide at registration or subsequently by logging into your account or answering surveys.
Your rightsYou have the right to unsubscribe, check, object and have your data deleted. You can also request a copy of your information in a structured, electronic format as a subject access request (SAR), you can download the form here, please complete and return the form by email us at firstname.lastname@example.org or by posting the request to our mailing address.
Who are weNeighbourhood Alert provides an advanced community messaging system solution for police forces, local authorities and Neighbourhood Watch and has been designed and constructed by VISAV, based in Sherwood, Nottingham.
VISAV has sponsored Neighbourhood Watch in Nottingham since 2003 and the Neighbourhood Alert message system was initially developed to complement the existing Neighbourhood Watch service in the area. Since its conception Neighbourhood Alert is now used by more than 30 police forces, fire & rescue services, local authorities, utility and national organisations throughout the UK.
As Data Controllers, our customers decide:
- What information they disclose with us
- Which information is collected, stored and processed
- Who can access the system and therefore which users are permitted to view what information (by setting their Information Providers)
- By what means they receive our alert messages (via email, text message or voicemail)
- What message types they would like to receive
- As such, the Licensee is responsible for ensuring that appropriate data is stored and processed and that access to such data is restricted appropriately.
As Data Processor, we:
- Utilise a wide range of security measures in line with the recommendations provided by ICO (Information Commissioner's Office)
- Implement additional security measures including advanced firewalls, enterprise-level virus protection on all servers, HTTPS encryption for all communication between our servers and users, regular data backup, username/password/PIN to control access, failed log-in attempt logging, automatic suspicious activity detection and logging etc.
- Continue to support the other Data Controllers with their obligations.
How VISAV Limited has prepared for GDPR?
Policy Updates:Terms and Conditions: We have updated our privacy statement to comply with GDPR. For more information regarding use of your data, please see our Terms and Conditions.
System Updates:Data Usage: We've completed a comprehensive data audit to ensure we only collect data critical to business needs and will review our retained data regularly.
Data Access, Portability & Deletion: We will be introducing new features to allow authorised users to hard delete data so that Data Controllers can comply with their obligations to destroy data where there is no longer a justifiable reason to retain the data.
Data Security: We have configured and implemented additional security features including: Email Single Sign-On (ESSO), Password Expiry Periods, Password Re-use Rules, Password Fail Rules and Session Time-out Periods.
Data Centre Security Measures: We have invested in additional data centre security features to help ensure protection of data, including DDoS security feature, proactive Threat Monitoring and Threat Response.
If you have any questions, please let us know; we're here to help.