Data protection Policy
1.0 Deployment model:
1.1 Private cloud – The cloud customer is the sole user of the cloud service due to having their own private database which no other company have access to or share data from. The underlying software is managed and maintained by Cleverclogs Multimedia LTD and server hardware is managed and maintained by a cloud provider under an outsourcing contract.
2.0 Cloud provider – Cleverclogs Multimedia LTD is the organisation that owns and operates a cloud service.
2.1 Intrahost (at this time) is the organisation which hosts the service.
3.0 Cloud customer – The organisation that commissions a cloud service for a particular purpose.
3.1 Cloud user – The organisation staff are the end user of a cloud service – for example a data inputer.
4.0 Data controller
4.1 Data controller in a private cloud - The cloud customer will exercise control over the purpose for which the personal data will be processed within the cloud service.
5.0 Data Processor – Cleverclogs Multimedia LTD's role as cloud provider is contracted to simply to maintain the underlying infrastructure and software therefore performs the role of data processor, ie it will only process the data on behalf of the data controller. This will include tasks such as allocating computing resources, performing and storing back-ups, providing support.
5.1 However, if so instructed on initial setup of the Cloud Customer Service , Cleverclogs Multimedia LTD performed an import of existing customer data, for the setup period ONLY, Cleverclogs Multimedia LTD performed tasks as a Data controller. This role reverts to Data Processor on completion of import tasks.
5.2 As required as part of The Data Protection Act (Schedule 1 Part II paragraph 12(a)(ii)) From this time forward the "data processor is to act only on instructions from the data controller" and "the data processor will comply with security obligations equivalent to those imposed on the data controller itself."
5.3 Cleverclogs Multimedia LTD as creators of Athena MIS do not disseminate or share a Cloud Customers data with any other agencies or third parties. The data input into Athena MIS is for the strict use of the cloud customer only. Whoever they need to share or disseminate data to will be via prior data sharing agreements between the cloud customer and other third parties.
6.0 Protecting your data
6.1 Encryption allows a cloud customer to ensure that the personal data they are responsible for can only be accessed by authorised parties who have the correct 'key'. We provide an SSL certificate which is used for services such as online banking.
6.2 Data 'in transit' between your database and the Athena MIS interface is secure and protected from interception. This is achieved by using an encrypted protocol. The encryption algorithm used meets recognised industry standards.
6.3 The servers used to store data have hardware firewalls to protect data transferred between data centres which could be separated geographically.
6.4 The authentication process for accessing data within your database is by individual user accounts with user id and password protection.
6.5 Different levels of access are given by user role, a Super User has access to all data while a data input role is limited to the input of candidate data. A contract manager role is a read only provision given to a college to view their enrolled candidates only.
6.6 The user roles within Athena MIS are customisable; many aspects can be made read only or invisible.
6.7 The nature of the cloud is to be able to access data anytime, anywhere but to add a further level of security Athena MIS can be locked down to be accesses from specific IP addresses.
6.8 User accounts are created and deleted by the customer and it is their responsibility to delete a user account of staff members once they leave the employment of the customer.
6.9 All modifications to records are date stamped and user details recorded.
6.10 There is no provision for individual records to be deleted by the user. Deletions will be made by request by a nominated member of management, to protect misuse of the system and data records.
6.11 There is no provision for all the data in the customer database to be extracted at the user interface.
6.12 Nightly backups of databases will be made.
6.13 Database will only be provided by written request.
6.14 End of life destruction of data will be performed at customer's request or at such a time that the customer ceases to exist and no third party (such as prime contractor) has been nominated as data collector.
7.0 Further Processing
7.1 There are no cookies used in Athena MIS SaaS
7.2 There are no advertisements within Athena MIS SaaS
7.3 Athena MIS does not store personal information about you except for secure login purposes and an email address for internal notifications and alerts.
8.0 Data Centres
8.1 The Data Centre used for Athena MIS products is located at Kingston Communications in Hull.
8.2 The data centres used will always be within the European Economic Area (EEA)