Introduction
The new General Data Protection Regulation (GDPR) came into effect
on May 25th 2018. It builds on existing EU data privacy rules,
strengthening many key areas and the rights that EU individuals
have over their data, and creating a uniform data protection law across
Europe.
This rule clarifies how EU residents’ personal data laws are applied,
internally within the EU and worldwide. Any organization that works
with EU residents’ personal data in any manner, irrespective of
location, has obligations to protect the data. Pragma Systems is
aware of its role in providing the right procedures and security to
support its employees, customers and suppliers and help meet our
GDPR obligations.
Our Commitment
Pragma Systems is committed to ensuring the security and protection
of the personal information that we process, and to providing a compliant
and consistent approach to data protection. We have always had a robust
and effective data protection program in place which complies with
existing law and abides by the data protection principles. However,
we recognise our obligations in updating and expanding this program
to meet the demands of the GDPR.
Pragma Systems is dedicated to safeguarding personal information
and to developing a data protection regime that is effective, fit for
purpose and demonstrates an understanding of, and appreciation for, the
new Regulation.
Our policies regarding data ownership and protection are focused
on providing you with confidence that your data remains secure, and
under your control. We have established a number of measures to ensure
that customers and their data are treated in a manner consistent with
privacy principles.
GDPR Implementation
Pragma Systems already has a consistent level of data protection
and security across our organization. Our implementation includes:
- Information Audit - carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
- Policies & Procedures - Data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
- Data Protection – Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities, with a dedicated focus on privacy by design and the rights of individuals.
- Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.
- International Data Transfers & Third-Party Disclosures – where Pragma Systems stores or transfers personal information outside the EU, we have procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
- Storage and Retention of Your Personal Information
We retain your personal information for as long as necessary to
provide services requested by you, or for other essential purposes
such as complying with our legal obligations, resolving disputes,
and enforcing our agreements. Because these needs can vary for
different data types in the context of different services, actual
retention periods can vary significantly. The criteria used to
determine retention include:
- How long is the personal information needed to provide applicable services? This includes such things as maintaining and improving the performance of the Services, enabling system security measures, and maintaining appropriate business and financial records.
- Do users provide, create, or maintain the data with the expectation we will retain it until they affirmatively remove it? In such cases, we may maintain the data until actively deleted by the user.
- Is the personal information of a sensitive type? If so, a shortened retention time may be appropriate.
- Are we subject to a legal, contractual, or similar obligation to retain the data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data, or data that must be retained for the purposes of litigation.
In addition to providing the service and day-to-day operations,
Pragma Systems may use your data for the following:
- Troubleshooting aimed at preventing, detecting, and repairing problems affecting the operation of services
- Ongoing improvement of features, such as those that improve the reliability of our software, or involve the detection of, and protection against, threats to the services or customer data
- Providing personalized customer experiences
- Contacting you about new products and services
- Direct Marketing - You can opt out of receiving promotional emails
from Pragma Systems by following the instructions in those emails.
If you opt out, we may still send you non-promotional emails, such as
emails about your accounts or our ongoing business relations. You can
also send requests about changes to your information or your contact
preferences, including requests to opt-out of sharing your personal
information with third parties, by emailing
.
Most web browsers are set to accept cookies by default. If you
prefer, you can usually choose to remove cookies from within your
browser, or set your browser to block all cookies, all third-party
cookies, or particular cookies. If you choose to remove or block
cookies, this can disable or otherwise affect certain features or
services of our websites.
There are web browser signals and other mechanisms (for example,
"Do Not Track" settings) that can indicate your choice to disable
tracking, and, while we and others give you choices described in this
Policy, we do not currently honor these mechanisms.
- Processor Agreements – where we use any third party to process
personal information on our behalf (e.g. Payment Processing, Hosting
etc.), we are compliant and utilize due diligence procedures for
ensuring that they (as well as we) meet and understand their/our
GDPR obligations.
Data Subject Rights
In addition to the policies and procedures mentioned above that
ensure individuals can enforce their data protection rights, we
provide a way for individuals to exercise, via email, their right to
access any personal information that Pragma Systems processes about
them and to request information about:
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store their personal data
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Information Security & Technical and Organizational Measures
Pragma Systems takes the privacy and security of individuals and
their personal information very seriously and takes every reasonable
measure and precaution to protect and secure the personal data that
we process. We have robust information security policies and
procedures in place to protect personal information from unauthorized
access, alteration, disclosure or destruction and have several
layers of security measures.