Matrix Booking and GDPR
Effective 25th May 2018 the EU General Data Protection Regulation 2016/679 of the European Union and of the Parliament (GDPR) takes effect. This will have a great impact on companies that use, access, reference, store or process any personal data. EU residents will now have a much greater say and control over what, how, why, where, and when their personal data is used, stored and also deleted, or removed. GDPR clarifies how the EU personal data laws apply within the EU and globally when related to EU residents. Any organisation that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data.
Keytree Ltd (the creators and owners of Matrix Booking) have a very strong commitment to data security, integrity and protection. Matrix Booking usage is funded entirely by subscription fees and as a result there is no third party advertising used – meaning the data we store is only what is needed to provide the service you have purchased.
Matrix Booking is committed its ISO 27001 standards and also ensures all of our suppliers have appropriate data protection and information security processes in place.
What are we doing for GDPR?
Matrix Booking is a global solution and as a data processor, we understand our obligation to help customers prepare for the changes that GDPR will bring. We have reviewed GDPR requirements and have a dedicated team to ensure we are on target to deliver them. Our key initiatives are:
- Identifying personal data – The personal data that Matrix Booking captures is the minimum required to provide the service and all modules of the system have been reviewed to ensure this principle is adhered. For full details of the collection, usage, storage and disposal of this data please review our ‘Supplier Data Processing Agreement’.
- Providing visibility and transparency – one of the key elements of GDPR is access to data for our customers. Matrix Booking has always been open and transparent with the data and administrators of the system have always had the ability to view all information as and when required. In addition, we are also in the process of identifying key data protection staff within each of our client organisations as well as growing our own.
- Enhancing data integrity and security – With the ever-increasing importance on individual’s data privacy and security Matrix Booking continually reviews and tightens its security controls and processes to provide complete confidence to our customers. This ranges from continual improvement via ISO frameworks through to technical and architectural enhancements in cloud security provision.
- Portability and transferability of data – GDPR gives EU residents (although we apply this to all users of the Matrix Booking products and modules) the right to either receive all the data provided and processed by the controller or transfer it to another controller depending on technical feasibility. Any user of the system may request this data and so Matrix Booking has always had the ability to extract all information as and when required via administrators.
What does this mean for our customers?
Meeting the GDPR requirements is now a key element for many of our customers and so we are keen to ensure our contribution to that will enable you to complete the process as quickly as possible.
For Matrix Booking there are TWO elements that we can provide you in order to do this:
- Please download and complete this SUPPLIER DATA PROCESSING AGREEMENT and email it to email@example.com
- Review the below Q&A as it should provide you with everything you need to know to complete your GDPR requirements for Matrix Booking.
GDPR specific questions and answers
A. Matrix Booking uses some personal data in order to provide a resource booking service to your company whether this be desks, rooms, transport or any other form of resource.
As such only the minimum information required is used, and some of this information is optional as defined by administrators within your company (eg meeting titles).
A. The data captured is used for the purposes of fulfilling the service of booking and managing resources as defined by the scope of the contract. In addition, a subset of the data may also be used to diagnose and resolve any issues raised by the customer themselves with the Matrix Booking Support Team.
A. The data provided is processed for the lifetime of the contract unless otherwise stipulated within the contract – beyond the contract period the data is historically stored based again on the terms of the original contract.
A. The following are the key elements of data that Matrix Booking uses in order to deliver the service:
- Full name
- Telephone number (if provided)
- Resources booked along with date, time and meeting/booking title
- Customers / Clients IP address
- Attendees email addresses if added to a booking
- Any text transmitted in support questions raised with the Matrix Booking Support Team
A. The above data is processed for all users of the Matrix Booking system
A. Yes, the data protection office for Keytree Ltd. is Mark Williment: DPO@keytree.co.uk
If you have any questions beyond this, or if you require us to review your own data processing agreement then please contact your account manager (or email firstname.lastname@example.org if you are not sure who your account manager is). Please note, if additional processing is involved there may be a small Professional Services fee applied.