The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU law to strengthen the protection of “personal data” and the rights of the individual. It's a single set of rules which governs the processing and monitoring of EU data.
Yes, most likely. If you hold or process the data of any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.
Vetter welcomes the GDPR as an important step forward to enhance data protection across the EU and the globe and as an opportunity for us to strengthen our commitment to data protection. As such we have undertaken the following:
Vetter collects users’ full names. Vetter also collects users’ work-email addresses in order to send notifications about events that have happened in the software, along with ‘reset password’ emails. We never send marketing emails to our users.
The Data and information Vetter requires to operate is exclusively maintained under Digital format on IT Systems.
Vetter stores all Personal Data either on AWS Europe or AWS East Coast USA resources while using some external 3rd party tools to enable parts of the Service, namely:
Personal Data is exclusively processed by Vetter to enable access to its resources by registered users.
Vetter will maintain Personal Data pertaining to its Corporate Clients’ Users for the duration of the Services
All of the third party vendors that handle any data in Vetter comply with GDPR. Certain Vendors are located outside the EU but are GDPR-compliant. Contact us for a list of those vendors.
Vetter takes every reasonable step to ensure that Personal Data under its direct Processing activities (as the Controller) is limited to the amount and type that is necessary to deliver its Services towards its Users and Corporate Clients as it has been agreed by those, either via Consent or a Contract, for any longer than required under the scope of agreed services.
Vetter does not undergo any type of Automated Personal Data Processing activities or Decision Making, mainly (yet not exclusively) that may lead to Data Subject “Profiling” activities.
When we provide software and services to an enterprise, we’re acting as a ‘data processor’ for the personal data you ask us to process and store as part of providing the services to you. As a data processor, we only process personal data on your company’s authority and instructions.
As the ‘data controller’, you will determine the personal data we process and store on your behalf.
We understand that compliance with the GDPR requires a partnership between Vetter and our customers in their use of our services and we look forward to working with you on this important new regulation.
You will typically act as the data controller for any personal data you collect in connection with your business. The data controller determines the purposes and means of processing personal data, when you choose which one of our services you use you are deciding the purpose (what to do) and means (who you get to do it, ie. Vetter).
Data controllers are responsible for implementing appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation and accuracy, as well as fulfilling data subjects’ rights with respect to their data.
If you are a data controller, you may find guidance related to your responsibilities under GDPR by regularly checking the website of your national or lead data protection authority under the GDPR (as applicable) or going to https://www.eugdpr.org/.
You should also seek advice from a GDPR consultant relating to your status and obligations under the GDPR, as only a qualified specialist can provide advice specifically tailored to your situation. Please bear in mind that nothing on this website is intended to provide you with, or should be used as a substitute for, legal advice.
Those Data subjects who are individual Customers may exercise their Rights directly towards Vetter, however, those who are staff members from Vetter’s business customers must address those companies to exercise their rights towards Vetter.
Under the GDPR, the Data Subject has the following set of established rights:
Under the scope of Personal Data Protection, the Data Subjects may address Vetter via:
A written request, accompanied by all necessary information, to the following address: Bloomswood, 93 English Row, Celbridge, Co. Kildare, Ireland
Email: Emails should be sent to support at getvetter.com
Vetter has its “IT infrastructure” configured and monitored under the strictest Security market standards and it has reviewed and adopted changes to its operational processes in a manner that ensures compliance with the requirements posed under “GDPR” towards “Personal Data” Protection. This means to assure its Confidentiality and Privacy while under “Personal Data Processing Activities” performed by itself and its “Partners” within the scope of Vetter’s software services.
Heather Saunders; ECITB Product Dev. Platform Manager
Book a Demo