Invenics adheres to the requirements set out in the appropriate Data Protection Legislations including
- Before 25 May 2018, the EU Data Protection Directive 95/46 and the UK Data Protection Act 1998; and
- From 25 May 2018, the European Union General Data Protection Regulation (GDPR) 2016/679.
- All other relevant applicable statutory provisions and legislation for data protection.
With reference to the above legislations, we will act as a “Data Controller” 1 or “Data Processor” in the provision of our services to the Client. As the data for our services is provided by the Client, the Client will also be considered to be a “Data Controller” for any personal data disclosed by the Client to Invenics.
Policies for Data Protection & Retention: Invenics maintains a set of policies to meet the GDPR requirements for the storage, protection and retention of data. The policies and the procedures are continuously monitored over the data we operate on which includes employee, contractors, suppliers,and clients.
Procedures for dealing with data breaches: Invenics has procedures to respond to data breaches including notifying the appropriate authorities and individuals.
Data Protection Officer: Invenics has appointed a Data Protection Officer who is responsible for ensuring overall GDPR compliance.
We will comply with our respective obligations as “Data Controller” and “Data Processor” in respect of any personal data that is disclosed or processed in the course of the engagement. We agree that only data directly relevant and necessary for the engagement will be disclosed by the Client and processed by Invenics.
We agree that Invenics may process the personal data as a “Data Controller” for the purpose of the engagement as described in the Engagement Letter. Invenics will process the data as reasonably required while meeting its regulatory obligations and applicable laws. Invenics may also use the personal data for other reasonable business purposes such as administration, quality control and aggregated analytics which do not identify individuals.
We agree that Invenics may share and disclose data with other parties as follows:
To the extent necessary for providing the services, Invenics may disclose the data to its employees, contractors and sub-contractors. This may include third parties outside the European Economic Area (EEA). Invenics will ensure that such disclosure is at all times in compliance with applicable data protection legislations.
Any law enforcement or regulatory authorities to the extent required under the applicable data protection legislations.
- We will take due care in the storage, transmission and processing of this data, including taking reasonable measures such as encryption and security.
- We will retain data on our systems only for the period for which it is required as per the applicable laws in the UK. Subsequent to that, all data will be permanently deleted from our systems.