Prime Timetable is GDPR compliant
How long do we hold data for?
When using the Prime Timetable, Website and SaaS, the customer is the responsible Data Controller. The Data Controller should determine the appropriate length of time to store and maintain personal data about staff and students.
Should a customer terminate their subscription, then current system data and associated backups will be retained for a maximum of 1 year, with the specific purpose to support migration or retrieval of the data by the customer. Data residing on backups is encrypted to industry standards and held for a maximum of 1 year.
Who is responsible/what is the process for removing data?
The Data Controller is responsible for determining how long personal data should be held and for the archiving and removal of personal data from our services. Our platform provides tools to download your archive and delete your account at any time.
Who has access to customer data and what is the purpose of this access?
Members of the Prime Timetable support team based upon role and permissions have access to customer data and this is specifically to provide an incident and problem management function or analyze and evaluate the quality of the service provided.
What levels of data security do we employ?
The Prime Timetable SaaS is secured to industry standards. Our cloud data centres are located in the US. Our US located cloud hosting provider is ISO/IEC 27001:2013 certified. Our standard security protocols include:
- Application security: traffic encryption, safeguards against vulnerabilities such as cross site scripting, SQL injections, phishing and others.
- Network security: Systems to detect suspicious behaviour, stop malicious attempts to gain access, or compromise the resilience of the service (e.g. DDOS attacks).
- Organisational security: access policies and audit logs.
- Physical security: preventing unauthorized access to infrastructure processing personal data.
- Procedural security: IT management processes to minimize the risk of human errors, or testing regimes to identify software weaknesses before releasing new features to our services.
Last revised: February 2, 2019