Inovix and General Data Protection Regulation

Background

The deployment of effective, relevant information security and data protection controls is fundamental to Inovix Network Solutions Ltd’s market proposition as a provider of Managed IT Services. Inovix is committed to securing and protecting the personal data in its custody.

The General Data Protection Regulation (GDPR) comes into force on the 25th May 2018, at which point it will supersede the current Data Protection Act 1998 (DPA).

While GDPR is a complex piece of legislation, it is important to remember that it builds upon the requirements defined within the DPA, which already provides a substantial body of law around the security and protection of personal data.

Inovix Network Solutions Ltd already complies with the DPA. Inovix’s own GDPR programme has been structured to critically assess the existing information security and data protection controls against the more prescriptive requirements of GDPR. Where necessary, the existing controls within Inovix’s Information Management System (IMS) have been updated.

What Personal Data is Inovix collecting and how is it processed?

As a Data Controller, our collection of personal data is limited to only data necessary for the purpose of supporting an effective business relationship with our direct customers. Customer name and contact details are collected, together with other business data, such as, business address, business contact and payment details.

As a Data Processor, the collection of personal data, provided by the customer or authorised user within the end-user’s organisation, is limited to the User ID, business address, landline contact and where appropriate mobile contact for the purpose of facilitating the consumption of the selected Inovix service.

Inovix Network Solutions Ltd does not collect any special category of personal data.

Inovix Network Solutions Ltd will only process personal data where:

  • processing is necessary for the performance of an agreement to which the data subject is party or in order to take steps at the request of the data subject prior to entering into an agreement; or
  • processing is necessary for compliance with a legal obligation to which Inovix is subject, or
  • where the data subject has given consent to the processing of their data for one or more specific purposes


Inovix’s relationship with third parties.

Customer

Inovix’s Customer Agreement documents have been updated to incorporate the required GDPR clauses.

Other suppliers

Inovix has also updated its contractual terms, in line with GDPR, with the suppliers and partners that process personal data in support the Inovix internal business processes. As above, the revised contractual terms ensure the obligations to secure and protect personal data and the need to support the Data Subject in exercising their fundamental rights is recognised by our suppliers.

Inovix Network Solutions Ltd’s technical and organisational controls.

Inovix Network Solutions Ltd’s IT architectural model is based upon industry standard equipment and operating system software, deployed across two geographically separated datacentres. A highly resilient network, sourced from two suppliers, provides connectivity to the Internet allowing services to be delivered.

The hardware infrastructure supporting the delivery of the Inovix services is configured with the required level of resilience to meet the committed service availability levels, with a level of redundancy built into the individual hardware components.

All servers are subject to a regular schedule of vulnerability scans and subject to a formal Patch Management Policy. All servers are visible to, and managed through, a well-established availability and performance monitoring regime. Logging and audit information is captured for critical resources.

Project Management within Inovix has been enhanced to embrace the ‘Privacy by Design and by Default’ philosophy embodied in GDPR.

Summary

As noted earlier, effective information security and data protection controls is fundamental to Inovix’s market proposition as a provider of Managed IT Services. Inovix is committed to securing and protecting the personal data in its custody.

Building on an existing, comprehensive base, the GDPR Programme has further strengthened Inovix’s information security and data privacy controls.

Inovix Network Solutions Ltd is committed to its obligations under GDPR, both in its role as Data Controller and as a Data Processor.

In common with other websites, log files are stored on the web server saving details such as the visitor’s IP address, browser type, referring page and time of visit.

Cookies may be used to remember visitor preferences when interacting with the website.

Where registration is required, the visitor’s email and a username will be stored on the server.

The information is used to enhance the visitor’s experience when using the website to display personalised content and possibly advertising.

Contact details, including e-mail addresses and telephone numbers will not be sold, rented or leased to 3rd parties.

If you have subscribed to one of our services, you may unsubscribe by following the instructions which are included in any e-mail that you receive.
You may be able to block cookies via your browser settings but this may prevent you from access to certain features of the website.

Cookies are small digital signature files that are stored by your web browser that allow your preferences to be recorded when visiting the website. Also they may be used to track your return visits to the website.

3rd party advertising companies may also use cookies for tracking purposes.

Google, as a third party vendor, uses cookies to serve ads.

Google’s use of the DART cookie enables it to serve ads to visitors based on their visit to sites they visit on the Internet.

Website visitors may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy.