How Bailey Solutions meets GDPR requirements for your personal data held in our systems

Introduction

This help topic explains why and how Bailey Solutions processes personal data about our clients within our systems, and the measures we take to ensure compliance with applicable data protection legislation, including the GDPR. It is presented as a series of commonly asked questions with answers.

For information on personal data stored within your KnowAll.Net, please see the relevant help topic.

When I/we enter into a contract with Bailey Solutions, what personal data about me/us will be processed by them, and on what basis?

Bailey Solutions records a minimal amount of personal data about our clients to meet our contractual obligations and to provide the expected level of service to you.

We will not send marketing emails to you unless you specifically opt-in to receive them.

We use Infusionsoft as our Client Relationship Management (CRM) system. Each client contact record created in the system requires as a minimum:

  • First name
  • Surname
  • Email address
  • Telephone number

In Infusionsoft, for each Company client, we will keep the following details:

  • Company
  • Company address
  • Details of the products you have purchased from us
  • Licences
  • Version of our software
  • Subject tags, e.g. product name, sector, territory
  • Orders
  • Tasks and notes by sales representatives

Infusionsoft have promised to be fully GDPR compliant.

No personal data is stored on our website.

Our website is integrated with Infusionsoft. If you purchase via our website, the credit card payments are processed by Stripe Payments Europe in Ireland. Further information on Stripe’s GDPR compliance can be found on their website.

We use Xero as our Finance system. For each client we store:

  • Company name
  • Invoice contact(s)
  • Invoice email addresses
  • Invoice address
  • Currency
  • Product category
  • Orders
  • Invoices
  • Recurring payments
  • Payments
  • VAT number
  • VAT rate

We do not store bank details or credit card data in our Finance system. This system is only used for finance and is not used for marketing purposes.

We use GoCardless from Directli to set up direct debits and this system will store your bank details. The GoCardless system is GDPR compliant.

Who can access my/our personal data held by Bailey Solutions?

Bailey Solutions staff access data on a need-to-know basis.

Each member of staff has an individual login and password for Infusionsoft, the CRM system.

Only 2 staff have access to Xero, Stripe and GoCardless.

When a staff member leaves Bailey Solutions, their access to all company systems will be revoked within 1 hour of their leaving Bailey Solutions premises by deleting or rendering inactive their Windows login and user accounts for third-party applications.

Can I request access to my/our personal data held by Bailey Solutions?

You may request a copy of the personal information which we hold about you. All reasonable requests for personal data will be processed as quickly as possible.

Can I request deletion of my/our personal data held by Bailey Solutions?

Requests for deletion of personal data will be accepted and handled within 24 working hours, but we may not be able to supply services to you if we cannot contact you or retain your user account.

However, it may be impossible to delete your information without some residual information remaining because of backups and records of deletions.

Please address your requests to change or delete your personal information via the Contact Us page. Alternatively, you may write to us at the Bailey Solutions Ltd Registered Office address below, stating your name and email address for identification purposes. We will only perform the activities outlined above to the extent that such activities will not compromise privacy or security interests.

Bailey Solutions Ltd, Registered in England, Company no. 04445779. Registered Office: Curtis House, 34 Third Avenue, Hove, East Sussex, BN3 2PD, United Kingdom

If an employee leaves your company you can request that that person’s details are removed and replaced by another contact.

You can also ask us to remove any of the opt-ins on your account, so you don’t receive marketing emails. Our marketing emails always carry an unsubscribe link.

What is the retention period for personal data?

Personal and company data will be held as long as you are an active client. After that, we hold sufficient data to meet UK financial and other compliance purposes. For example, in the case of invoices this is normally 6 years of invoice records.

What happens when I end my contract with Bailey Solutions?

We will review your data and delete any data that does not need to be retained for financial or compliance purposes.

After 6 years, all remaining data for inactive clients will be destroyed.

Are Bailey Solutions employees trained in data security, customer confidentiality and data protection, and how frequently do they receive further training?

Staff contracts contain clauses on data protection and client confidentiality. Further training is carried out annually. Staff are also required to formally sign off that they have read data protection policy documents, which they access via our HR software. They must re-read and re-sign whenever these policies are updated.

Can any third parties access the data?

As described above, the following companies store data in their cloud systems on their hosted servers:

  • Infusionsoft
  • Stripe
  • Xero
  • GoCardless

Bailey Solutions have ensured that all our suppliers hosting data for us are compliant with GDPR.

Where is my/our personal data stored?

  • Infusionsoft Software Inc. (trading as ‘Infusionsoft’) stores data in highly secure data centres in Arizona, United States.
  • Stripe stores data in Ireland.
  • Xero stores data in the United States.
  • GoCardless stores data in the UK.

Would Bailey Solutions inform us and/or the Information Commissioner’s Office (ICO) in the event of a data leak or breach?

Yes, in the event of a breach, Bailey Solutions will inform both the customer within 48 hours and the ICO within 72 hours.

Has Bailey Solutions been involved in a breach or leak of personal data in the last 2 years?

No.

Updated on May 28, 2019
