VTSDesign Web Services Ltd falls under the classification of a Data Processor as we process the personal data used by clients (Data Controllers) to make and support websites.
Choice of who we use as sub processors
We can only appoint sub processors e.g for our server management or to outsource data backups that have demonstrated full GDPR compliance.
Restrictions on Sub-Contracting
Under the terms of the GDPR, we cannot subcontract out any part of our service without the written consent of the Data Controllers who are using our service.
The contractual obligations supplied by any sub contracted processors must reflect the same contractual obligations between ourselves as processors and the controllers.
Data Processing Agreement
We can only process personal data on behalf of the controller where a contract is in place between us that outlines the service provided and the terms on us as your Data Processor. We have to ensure that we are only acting on the documented instructions of the controller.
Under the terms of the GDPR, we are required to implement appropriate security measures.
We must inform controllers of any data breach without any undue delay after becoming aware.
Keep records of our processing activities
We must maintain records on several things such as processing purposes, data sharing and retention.