In May 2018, the EU General Data Protection Regulation (GDPR) replaced the 1995 EU Data Protection Directive (European Directive 95/46/EC).
Leenix Ltd is (and has always been) committed to ensuring policies and procedures are in place to ensure client data privacy and are registered with the Information Commissioner’s Office ICO).
We welcome the GDPR as an important step forward in streamlining data protection requirements across the EU and as an opportunity for Leenix Ltd to deepen our commitment to data protection.
In accordance with GDPR, Leenix’s ongoing compliance efforts include:
Leenix Ltd has carried out risk assessments on our procedures to identify any areas of concern regarding data privacy. This has covered a full review as to how, during the course of our daily business, we collect, use, store and dispose of personal data.
Leenix Ltd is aware that such assessment is an ongoing process.
Contractual Commitments: Customers & Suppliers
Compliance with the GDPR requires a partnership between Leenix Ltd and our customers in their use of Leenix services. In so much as Leenix Ltd provides such requested services, we will generally act as a data processor and our customers will generally act as a data controller.
Working together, we hope to explore opportunities to assist our customers meet their GDPR obligation but we encourage our customers to independently familiarise themselves with the GDPR. It is the responsibility of the data controller (and not the data processor) to ensure any such request meets their obligations. For example, in the issuing of contractual documentation for requested services.
Leenix Ltd has reviewed its supplier contracts to ensure GDPR compliance throughout its supply chain.
All Leenix Ltd employees have undertaken data privacy and security training and understand their personal responsibilities. This is an ongoing process and we will continue to provide training covering a variety of topics, including data protection, security, privacy and risk evaluation.
Rights of the individual
As part of GDPR, Leenix Ltd acknowledge the rights of the individual:
to obtain information regarding the personal data we store about them
to obtain information regarding how we store and process their personal data
to obtain information regarding how long their personal data is held
for the processing of their personal data to be compatible with the consent they provided
to ensure the stored personal data is kept up to date
to request for their personal data to be deleted and/or forgotten
to be made aware of the risks, rules and safeguards in place
Types of data
Leenix Ltd is committed to ensuring the privacy of all personal data. We have identified two types of personal data we process:
1. Business Data: personal data we use in the day to day running of the company.
2. Project Data: personal data that is processed via the project requests made by our customers.
All data held by Leenix Ltd is secured by numerous security measures. We block all public access to our systems with the exception of protocols required to deliver websites we host.
We take a multi-layered approach to security on our infrastructure. Using a collection of well known and tested security measures, along with some bespoke adaptations, to keep our customers data safe from unauthorised access.
Where appropriate we will inform and advise customers about secure transport layers such as SSL, implementing these into the services we provide to them.
We offer a fully managed service, with only key employees having access to our systems in order to provide essential maintenance and development activities.
As a data controller for our ‘Business Data’, we ensure our data processors are GDPR compliant.
Ensuring data compliance
When processing data, we undertake the following:
The processing is lawful, fair and transparent
Data is collected and used for a specific & transparent purpose
Data is accurate and up to date
Data is kept safe and secure
Where personal data is processed as part of ‘Services Data’, this is on behalf of a client and still part of strict privacy controls.
We ensure our suppliers have procedures in place
We have a rapid response notification procedure in place for any breach