
GDPR Compliance At Clearooms

At Clearooms, we are committed to safeguarding personal data and ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and related legislation. This article outlines our policies and procedures for handling personal data securely and responsibly.

Our privacy policy, which incorporates GDPR, is online here.



Data Protection Governance

  • Data Protection Officer (DPO): Clearooms has a nominated DPO who oversees compliance and ensures appropriate safeguards are in place.

  • Policies in Place: We maintain an up-to-date Privacy Policy, Data Protection Policy, and supporting security policies including Acceptable Use, Information Classification, Access Control, and Data Retention.

  • Employee Training: All staff receive training on information security and data protection as part of onboarding and ongoing awareness programmes.

Data Collection and Processing

  • Clearooms processes personal data such as first name, last name, and email address on behalf of customers.

  • Personal data is hosted in secure data centres with strong encryption and access controls.

  • All processing is performed under documented controller instructions, and we seek approval before engaging sub-processors.

Data Storage and Transfers

  • Hosting: Personal data is primarily stored in Ireland, with some transfers to the United States.

  • International Transfers: We use recognised legal mechanisms to ensure adequate protection (e.g., adequacy decisions or equivalent safeguards).

  • Encryption: All production data and backups are encrypted to industry standards (AES-256).

Security of Personal Data

  • Access Control: Access is restricted by the principle of least privilege and enforced by role-based controls.

  • Device Protection: All laptops are encrypted, managed via Mosyle MDM, and support remote wipe.

  • Password Security: Strong password requirements and multi-factor authentication (MFA) are enforced across systems.

  • Monitoring: Logs of user and administrator activity are retained securely to ensure traceability.

Data Retention and Deletion

  • Customer data is only retained as long as necessary for service delivery.

  • On contract termination, all client data can be destroyed on request except for database backups, which are retained for 35 days before being permanently deleted.

Data Breach Management

  • Clearooms maintains a Data Breach Log to record and investigate all incidents.

  • Breach detection, reporting, and notification procedures are in place to ensure compliance with ICO requirements (ICO Registration: ZA798500).

  • If a breach occurs, affected customers and regulators are notified in a timely manner.