We hold personal data about our employees, suppliers and customers (‘customers’ includes our direct customers as well as organisations or individuals who make use of our products but do not purchase from us directly) for a variety of business purposes, which fall within the scope of this policy and the requirements of the General Data Protection Regulation 2016 (‘GDPR’) effective from 25th May 2018.
The company’s board of directors and staff are fully committed to ensuring full compliance with this regulation.
3.1 Who are we?
At Gendis, we design, manufacture and support innovative IoT products, which are applied to a variety of real-world scenarios. This application of technology allows monitoring, logging and control of remote assets to increase operational efficiency and provide new insights into complex systems through the analysis of big data.
These solutions are provided to our customers as a tool to be used and controlled by them and, where appropriate, also by their customers.
Gendis is a fully owned subsidiary of Paxton Access Group Ltd.
3.2 Our Compliance Strategy
As a company, our compliance strategy for this regulation is achieved through a combination of Business Measures and Product Compliance:
We ensure that we have the necessary organisational and technological measures in place to deliver compliance:
All our business processes are routinely audited to ensure they work to the highest possible standard.
Before introducing any new processes, we will ensure measures are in place to fully protect any personal information processing and storage required. This will include using our IT infrastructure to achieve the highest level of data security.
All Staff are trained to embed GDPR in our company’s mindset and working culture.
The following points detail the types of personal data stored and processed by Gendis in the context of our products:
Customer Data: this is entered into and used within the system for management purposes and to supplement the data received from devices (e.g. customer names or customer addresses)
There is no personal data stored on Gendis products nor transmitted between the products and other systems. Any identifying data is pseudonymised by tokenisation.
Customer Data includes items such as the customer’s name, their facility names and addresses and the names of their employees who use Gendis systems. The exact data collected is determined by the administrator(s) of the system, who could be a Gendis customer directly, or an organisation or individual who uses our products but never Gendis.
The responsibility for collecting this data is that of our customer. Gendis process the data with the consent of our customers, only to provide the advertised functionality of our products. It is the responsibility of the customer to keep their data up-to-date.
Customer Data is stored and processed on Gendis systems that are hosted in the cloud. A benefit of using a cloud platform is the concept of the “Shared Responsibility Model”: the cloud platform provider is responsible for the “Security of the Cloud” (i.e. protecting the infrastructure that runs all the services offered in the cloud platform) and the cloud platform user is responsible for the “Security in the Cloud” (i.e. Gendis assumes responsibility and management of the Gendis software and configuration hosted in the cloud); therefore, reducing the scope and burden of implementing a secure system.
We have made sure that our products will provide the tools required to allow compliance if used correctly, however, Gendis is not responsible for a customer or user’s compliance with GDPR and do not offer advice on how to be compliant.
3.3 What information do we collect about you?
For suppliers and direct customers, we collect the necessary information for maintaining an active business relationship, allowing us to place and receive orders for products or services.
Website usage information is collected using cookies. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, in a few cases, some of our website features may not function as a result.
For product administrators and users, we collect the information necessary to provide the advertised functionality for the product in question. This will vary by product but typically may include names, e-mail addresses and information relating to locations at which our products have been installed.
3.4 How will we use the information about you?
At Gendis, we take your privacy seriously and will only use your personal information to administer your account and to provide the products and services (like Support and Training) you have requested from us. This information will not be shared with any third-party.
The same is true of our products. The data we collect is used solely for the provision of the functionality advertised to be included with the product. This includes any processing required for data analytics, reporting, support and other day-to-day use of the systems.
3.5 Customer Consent
We only contact Customers about news about our products and services providing they have given us consent to do so. If you have given consent, you may opt out at any time by contacting us.
Occasionally, product users will receive notifications by e-mail or in-software. These will be controlled by your product administrator and you should contact them directly to opt out.
3.6 Access to your information and correction
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please contact us with using the details below. We may make a small charge for this service.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
Please contact your system administrator directly for any changes required within our products.
3.8 How to contact us:
By post: Data Protection Manager
General Distribution Ltd
Home Farm Road
By email: firstname.lastname@example.org