The General Data Protection Regulation comes into force on 25th May 2018 and replaces the Data Protection Act. This document acts as a general statement and overview of information to provide to its Customers in preparation for this. Data Recorded The data recorded in DatabridgeMiS software is entirely at the discretion of the Data Controller. DatabridgeMiS software can record data for Student personal and sensitive information as well as Staff personal, financial and sensitive information. Data recorded on our own internal systems can be contact information, names and server connections where supplied. Data Shared DatabridgeMiS does not process or share any information without the express permission of the Data Controller. Any confidential information shared with DatabridgeMiS pertaining to the data held in DatabridgeMiS software is never stored and removed once its purpose for sharing is complete. Data shared pertaining to Customer or Contact personal information is stored on our online secure portal. No personal data from our internal systems is shared to other organisations or third parties. Retention DatabridgeMiS does not force a data retention policy due to the historic information a Customer may need to process. All decisions of data retention are at the discretion of the Data Controller. Data Access Should a data subject access request be required, DatabridgeMiS will provide details on request as to how to extract the relevant information to respond to a data subject access request. Security In terms of physical security, for the majority of our customers DatabridgeMiS software is installed on Customers own servers and is at their own discretion to secure accordingly. For our hosted solutions, we use the Microsoft Azure platform and you can read more details about how they secure physical machines via their website. Access to DatabridgeMiS software requires a user account and password, each password is encrypted and accessible areas/functions are assigned to groups of users. All data files produced are not encrypted and, since they are all user-generated, are the Data Contoller’s responsibility to secure. GDPR and Us DatabridgeMiS expects to be GDPR compliant where it acts as a Data Processor under contract to Customers for specific actions relating to technical support, issue investigation, tickets and emails we receive etc. DatabridgeMiS also expects to be GDPR compliant as Data Controllers for the use of Personal data in our respective normal business activities, including names and contact details.