What is a Data Controller?
According to Article 4 of the GDPR a Data Controller is defined as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
What is a Data Processor?
According to Article 4 of the GDPR a Data Processor is defined as a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
What information can Mintra Group provide about the security of its products?
As a first line of defence, Mintra Group does not publicise detailed security configuration information about our products, but this can be obtained by customers on request, by contacting firstname.lastname@example.org.
How does Mintra Group classify the data it stores for customers?
The purpose of the products supplied by Mintra Group are primarily focused on the management of personnel records, including performance, competence, and financial data. As such, Mintra Group classifies all data as personal data. Extensive measures are taken to ensure the security and integrity of this data.
How does Mintra Group protect the data it stores for customers?
A range of protection measures are employed to ensure the safety of information stored, including scheduled security patching, anti-virus technologies, firewall technologies, and vulnerability assessments. Systems are designed to provide maximum protection for data layers through the use of segregated private networks.
Where and how does Mintra Group store customer data?
All Mintra Group products are hosted in EU data centres which fully comply with GDPR and relevant standards. Databases are segregated from public networks and protected by access controls and firewalls. Backups are held within the same EU data centres and replicated over encrypted paths to Mintra Group premises within the EU for disaster recovery purposes. Backup sets are protected by security controls ensuring only authorised personnel have access.
How does Mintra Group control access to customer data?
All Mintra Group products utilise differentiated access allowing customers to define the scope of access for each end-user within their organisational account. Customer data is segregated either physically or logically to ensure data privacy. Active Directory integration, SSO, and multi-factor authentication can be employed to further enhance the access control mechanisms.
Who has access to customer data within Mintra Group?
Mintra Group has completed an extensive project to ensure that all routines and procedures meet the requirements in GDPR. Part of this work involves reviewing intra-group data transfers and signing data processing agreements. Transfers to countries outside the EU/EEA will be governed by EU Standard Contract 2010/87/EU. Internal access to customer data is strictly controlled and utilises access control lists and private authentication mechanisms to ensure only authorised personnel have sufficient privileges.
Does Mintra Group allow any third parties to access customer data?
Controlled access is available to a limited number of hosting and technology partners for specific tasks related to product management and development. Data Protection Agreements are set up with all Sub-Processors establishing the policies for data processing on behalf of Mintra Group. Where applicable, transfers to countries outside the EU/EEA will be governed by EU Standard Contract 2010/87/EU and appropriate safeguards shall be put in place.
How does Mintra Group protect data in transit?
The software products delivered by Mintra Group utilise SSL certificates to encrypt traffic between the server and the end-user. Mintra Group also provides a secure file transfer facility for the exchange of file-based data, which also utilises SSL encryption.
For how long is data retained in Mintra Group systems after deletion of a record?
Deleted records are removed from databases immediately and reside only in backup sets.
For how long is customer data retained in backup files?
Backup sets are retained for a maximum of 30 days and destroyed immediately after the retention period expires.
Are Mintra Group products GDPR compliant?
Currently, there is no formal certification process for GDPR, but organisations are obliged to ensure their processes and products adhere to the regulation. Mintra Group has completed an extensive review of internal processes and our software products which has resulted in security enhancements, product changes and process improvements.
Can Mintra Group provide a data processing agreement to its customers?
A standard data processing agreement document can be obtained by all Mintra Group customers by following this link: Mintra Group Data protection
How can I obtain additional information about Mintra Group data protection processes?
Please send a request to the following address: email@example.com
Submit a support ticket describing the issue you are having, one of our team will get back to you as soon as possible.
If you would prefer to speak to a member of our team you can use the contact details below:
UK Phone: +44 (0) 8432 247840
Norway Phone: +47 24 15 55 55