GDPR Statement

Introduction

This GDPR statement is issued on behalf of DataBiz Solutions ("we", "us", or "our"), the owner and operator of 'DataBiz Oifig'.

DataBiz Oifig allows client organisations to offer course registration, membership management, fee payment, and document distribution services to their own customers. This GDPR statement outlines how personal data is collected, processed, and stored within DataBiz Oifig.

Roles and Responsibilities

  • Data Controllers: The individual client organisations using our system are the data controllers. They determine the purposes and means of processing personal data.
  • Data Processor: DataBiz Oifig acts as the data processor, processing personal data on behalf of the data controllers (client organisations) in accordance with their instructions.

Types of Data Processed

The system processes the following types of personal data:

  1. Member information (name, age, contact details, relevant educational and/or medical details)
  2. Parent/guardian information (name, contact details)
  3. Course enrollment details
  4. Payment information
  5. Document access logs

Purpose of Data Processing

Personal data is processed for the following purposes:

  1. Course registration and management
  2. Fee payment processing
  3. Communication regarding courses and activities
  4. Distribution of course-related documents

Data Processing Principles

As a data processor, we adhere to the following principles:

  1. We process data solely on the instructions of the data controller (client organisation).
  2. We implement appropriate technical and organizational measures to ensure data security.
  3. We assist the data controller in fulfilling their obligations under GDPR.
  4. We delete or return all personal data to the controller after the end of the provision of services.

Data Subject Rights

While we process data on behalf of the data controllers, we will assist them in responding to data subject requests, including:

  1. Right of access
  2. Right to rectification
  3. Right to erasure
  4. Right to restrict processing
  5. Right to data portability
  6. Right to object

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  1. Data encryption
  2. Testing and evaluation of security measures
  3. Measures to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems
  4. Measures to restore availability and access to personal data in a timely manner in the event of an incident

Data Breach Notification

In the event of a personal data breach, we will notify the affected data controller(s) without undue delay after becoming aware of the breach.

Data Transfers and Third-Party Processing

As a data processor, we adhere to strict guidelines regarding the transfer and processing of personal data:

  • We do not transfer personal data from DataBiz Oifig to any third parties, or to any other DataBiz Solutions owned or operated system, unless explicitly directed to do so by the data controller or when required by a competent legal authority.
  • In the event that a data transfer is required, we will:
    1. Ensure that the data controller has provided explicit instructions or consent for the transfer.
    2. Verify the legitimacy of any legal authority requesting data transfer.
    3. Implement appropriate safeguards to protect the personal data during transfer.
    4. Document the details of the transfer, including the legal basis, recipient, and security measures employed.
  • We maintain transparency with data controllers regarding any potential data transfers and will promptly inform them of any requests for data transfer we receive.
  • Our system is designed to keep personal data within the designated secure environment, minimizing the need for external transfers.

This approach ensures that we maintain the integrity and confidentiality of the personal data we process on behalf of the data controllers, in full compliance with GDPR requirements.

Contact Information

For any GDPR-related queries, please contact: info@databizsolutions.ie

Updates to this Statement

This GDPR statement may be updated periodically to reflect changes in our practices or regulatory requirements.

Last updated: 02/09/2024