Tensense GDPR Statement

Introduction

The EU General Data Protection Regulation (GDPR) came into force on 25th May 2018. In the UK, since BREXIT,  the Data Protection Act 2018 (DPA 2018) applies. These two acts are substantially the same.  The Tensense data protection policy is in line with both acts.

Tensense has not appointed a named Data Protection Officer. This responsibility is held by Tensense AI’s Executive Board members and discharged through Tensense’s Customer Services department. Any enquiries should be first directed to info@tensense.ai.

Data protection definitions

Personal data is any information that relates to a living individual. It also includes any data that can be used with other sets of data to identify an individual. Typical examples of personal data are: name, identification number, location data, online identifier, email address, etc.

Processing relates to any operation carried out on personal data including collection, recording, organising, structuring, storing, using, etc. Processing also doesn’t have to be by automated means which means that processing includes paper-based, non-digital systems.

Data Subject is the individual whose personal data is being processed

A Data Controller is the organisation which determines how personal data is processed

Data Processor is an organisation which processes data on behalf of a Controller. This typically means a third party who is used by the Controller to process their data.

For detailed information about the GDPR and data protection, visit the Information Commissioner’s Office website.

Your GDPR responsibilities

When you use our services to store or process your selected participants personal data (including contact information and a demographic profile as viewed from within your organisation), you are the Data Controller and we are a Data Processor. This will be true for any personal data you place on our servers either directly or by use of any of our services.

The GDPR requires you, as a Data Controller, to ensure that any Data Processor services you use to process personal data are GDPR compliant. This means that when you use any of our services to process your personal data you need to carry out due diligence on our services and ensure certain contractual terms are in place.

This GDPR statement is our way of helping you meet these GDPR regulatory requirements and to offer you assurance that we take GDPR and the security of your personal data as part of the everyday running of our services.

Our GDPR commitment 

As a UK company, Tensense AI is committed to ensuring our business, services and internal processes are GDPR compliant. This GDPR Statement provides our assurances to GDPR compliance.

  • Our Security Policy ensures all employees are aware of and understand their role in data protection compliance.
  • We have fully assessed our own GDPR compliance both in terms of the services we offer to our customers and in terms of our own internal policies and procedures.
  • We have appropriate technical and personnel protocols in place to ensure the security of your data.
  • We carry out due diligence against any sub-processors or other third party processors we use to ensure their GDPR compliance (such as data centres).
  • We only allow specific members of staff access to our servers and the access that is available is limited to specific circumstances and business need.
  • We do not transfer your data outside the EEA (all our services are hosted in the UK)
  • Our staff are trained in GDPR compliance and understand their responsibilities for managing the system that process your personal data.

Our role as a Data Processor

You are the owner of the data you submit to our services.

When your data is placed on our servers, you are the Data Controller and Tensense AI, the Data Processor.

We do not share or provide access to any of your data with third parties unless required to do so by law. Where law enforcement or other authorised parties request access to our servers, we will follow strict internal policies for dealing with such requests in line with existing UK law. Furthermore, the third parties are required to demonstrate they have a lawful reason to access the data and under what authority.

Security

For a more complete security statement please click here.

Data location

Your data is stored on hardware located in the UK at the ISO27001 Rapid Switch/ Iomart data centre in Maidenhead with backups stored in the Pulsant data centre also in Maidenhead. None of your data is stored or transferred outside the UK and therefore not transferred outside the EEA.

Maintaining security

All our employees involved in maintaining or administering the system keep up to date with technical aspects of security and ensure the ongoing security of our servers and systems. This means that any security patches are applied to our systems as a matter of priority and any changes or updates to our own systems are done with data protection and privacy in mind and, where appropriate, in discussion with our customers.

Access to Servers

Privileged infrastructure admin access to our servers is strictly restricted to key personnel within Storm Internet and our own Technical Support team. System Admin access to the Tensense system is limited to Tensense Global Admin and your own, if appointed, Client Administrator.

Tensense Employees

All employees are made aware of their responsibilities under GDPR. This includes their responsibilities with regards to access, security and processing of any personal data stored on our servers. Security and data governance are covered in our employee Security policy.

Third Party Services

Tensense appoints, from time to time, partner companies to promote the product and support clients. Re-seller agents do not, as a matter of course, have access to personal information unless the client appoints the third party to act as their Client Administrator.

Data Breaches

In the unlikely event of a breach occurring (as defined in the GDPR) we will notify you within 48 hours of the breach coming to our attention. This will be enough time for you to consider your requirements, under GDPR, for reporting the breach to the ICO and Data Subjects.

Data Protection Contact

Any questions, queries or requests for further information regarding our GDPR compliance should be sent to Info@tensense.ai