General Data Protection Regulation (GDPR)

Here at Blueberry, we take your privacy seriously and will only use your personal information to provide the services you have requested from us.

Blueberry is committed to GDPR compliance. We are also committed to helping our clients comply with the GDPR by providing stringent privacy and security protections that are built into our service and contracts.

Our custom software will allow your organisation to fulfil its regulatory requirements of the European Union’s General Data Protection Regulation (GDPR). All features required to fulfil the regulatory requirements will be built into the software used for handling Personally Identifiable Information (PII) in the scope of the GDPR.

It is important to understand your responsibilities as a data controller. Blueberry’s customers will typically act as the ‘data controller’ for any personal data they provide to Blueberry in connection with their use of Blueberry’s services. The data controller determines the purposes and means of processing personal data.

Blueberry builds systems to help data controllers process their own data.

Data controllers are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Their obligations arise from the data protection principles which require lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data.

If you are a data controller, you will find guidance on your responsibilities under GDPR by regularly checking the website of your national or lead data protection authority. In the case of the UK, this is the Information Commissioner’s Office at ico.org.uk. You should also seek independent legal advice relating to your status and obligations under the GDPR, for legal advice specifically tailored to your situation.

Please bear in mind that nothing on this website is intended to be used as a substitute for legal advice.

Blueberry does not process personal data for customers, except in exceptional circumstances and at the express request of the customer. However, Blueberry can help you select the appropriate technical and organisational measures so that data processing will meet the requirements of the GDPR.

Here are some aspects you may want to consider when conducting your assessment of Blueberry:

• Blueberry employs and works with security and privacy experts to implement security policies, maintain its systems, review security processes, and build a secure infrastructure. Our teams liaise with customers to ensure our services help meet their compliance needs.
• Blueberry’s terms and conditions clearly articulate its privacy commitments to customers. The terms have been updated to reflect the requirements of GDPR.
• Our hosting facilities, Amazon, have verified they have the necessary functionality for compliance with the GDPR. In addition, we will use a standard method for deletion and retention of data that is considered acceptable under the GDPR.
• We ensure a high level of security, and provide timely breach reporting to meet all GDPR expectations. To reflect this, we utilise a number of security features through our hosting partners. Our security practices include breach detection and timely notification and then recovery.
• All of Blueberry’s employees are required to sign a confidentiality agreement and complete mandatory confidentiality and privacy training.
• Blueberry’s hosting partner, Amazon, holds all the necessary and expected security accreditations for data storage.
• Where your application’s features do not include automatic deletion of data, Blueberry will delete and/or export (return) data at any time during the term of our service agreement.
• Blueberry/Amazon normally backs up data every 24 hours, but this can be modified depending on the nature of the project and individual customer requirements. Any old data is removed in accordance with the retention policy agreed with the customer.
• How Blueberry assists data controllers:

1. Data Subject’s Rights – Blueberry can provide an export of customer data, at any time during the term of the agreement.
2. Incident Notifications – Blueberry will provide contractual commitments around incident notification. We will continue to promptly inform you of incidents involving your customer data in line with the data incident terms in our current agreements.

For any more information about our compliance with GDPR, please contact us here.