Our solution is registered with the ICO as a Data Controller with the following
ICO Number: ZA228530
Our solution states that it acts as a Data Controller and a Data Processor, what activities does it undertake that fall under each category?
As per the definition, our solution aggregates/collects and stores the data from our customers and our customer's clients. We're joint Data Controllers with you (as Adviser) because you determine which information is stored on the platform.
We also process this data, in order to support Advisers and make them more efficient. We are therefore Data Processors.
Are Our servers based in the UK/EEA?
Yes, AWS are in Ireland
Do we pass our clients data to a 3rd party based outside of the EEA, a country recognized by the EU as having adequate protection or if in the USA outside of the Privacy Shield Framework?
Client information is only passed to MailChimp - to process and send emails (the notifications) and Google Analytics is anonymised, for a better understanding on how users use the platform.
Every other third party is controlled by you as Adviser (major brands such as GoCardless, Voyant, CashCalc), most of them in Europe and all of them fully compliant with GDPR or they would not be able to transact)
Do those third parties fully comply with the GDPR?
Mailchimp and Google are fully compliant with GDPR
Do We have a data security policy
Can I see a copy of the proposed contract?
https://advicefront.com/terms however, you can simply sign up with a monthly subscription