Chilly Sheep complies with applicable GDPR regulations as a data processor and data controller. In conjunction with our clients, we explore opportunities within our service offerings to assist our customers to meet their GDPR obligations as well.
Suppliers we engage with are also committed to applicable GDPR regulations, and in particular all the data centres we use to store customer data have all been accredited with the ISO 27001 certificate – an international standard given to data centres that reach the top-level of security, safety and compliance. This certificate ensures that the network, people and processes meet the industry best-practices of physical and logical security.
The following is a broad description of how we as an organisation/data controller process personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.
We process personal information to enable us to provide a service in which we design, test and demonstrate software; promote our services; maintain our accounts and records and to manage our staff.
We process information relevant to the above reasons/purposes. This may include personal details, goods and services, and information necessary for the development and test of software.
The majority of the data we process is done so on behalf of our clients who are looking to gain insight in to their own users' behaviours. We do, however, run a number of products that we own where we process data to fulfil our own requirements, namely: user behaviour, analytics and marketing insight.
We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.:
Where necessary or required we share information with suppliers and service providers, professional advisers and consultants, and the specific customer who instructed us to build the software that collected the data.
The GDPR includes certain requirements on data controllers for the portability of personal data. The data our customers store at Chilly Sheep is theirs. We provide for portability and are continually working to enhance the robustness of our data export capabilities.