GDPR Compliance

 

BitaBIZ is committed to complying with the General Data Protection Regulation (GDPR).

GDPR is a rule set regarding handling personal data in the EU.

We have applied GDPR rules into our Terms & Conditions and associated policies.

On this page, you will get a general overview of GDPR requirements which is part of your BitaBIZ terms & conditions.

 

Data portability

According to GDPR customers must have access to data management tools like:

  • export data.
  • delete employee profiles and data.
  • manage the BitaBIZ account plan and settings.

The customer right to data portability is incorporated into BitaBIZ terms & conditions.

 

Data storage

BitaBIZ is a software as a service (SAAS). We deliver our service via the internet (cloud). To be able to deliver our service we use suppliers. According to GDPR, our suppliers (sub-processors) that handle personal data on behalf of BitaBIZ must comply with GDPR.

To comply with GDPR BitaBIZ must:

  • maintain a sub-processor policy.
  • data storage must be inside the EU or governed under the EU-US safe harbor framework

GDPR compliant data storage is incorporated into BitaBIZ terms & conditions, sub-processor policy and DPA.

 

Cookie policy

Cookies are a central part of our service. To be GDPR compliant we must maintain a cookie policy. Our cookie policy must clearly state which cookies we use and the purpose of using the cookie. BitaBIZ maintains a transparent cookie policy.

 

Privacy policy

Our privacy policy describes how we manage the data you may choose to collect when using the BitaBIZ service. It has direct reference to our security policy, data we collect policy, cookie policy, subprocessor policy, and terms & conditions.

 

Data Processor Agreement (DPA)

All BitaBIZ customers are covered by our GDPR compliant Data Processor Agreement. The agreement describes how BitaBIZ (the Data Processor) shall process personal data on behalf of the customer (the Data Controller).

 

Security

A central part of GDPR is data security. BitaBIZ security policy describes the organizational and technical measures we have implemented to prevent unauthorized access, use, alteration or disclosure of customer data. The policy includes:

  • hosting security
  • product security
  • internal security