Our Commitment to the General Data Protection Regulation (GDPR)
The new EU General Data Protection Regulation (GDPR) came into force on May 25, 2018. This replaces the UK Data Protection Act (DPA). Whilst having a similar overall aim (protecting personal data), GDPR includes new responsibilities, more stringent enforcement and substantially increased penalties.
SmarterPay is committed to high standards of information security, privacy and transparency. We comply with applicable GDPR requirements whilst processing data on behalf of our customers (as a Data Processor) and in our own handling and storage of personal information (as a Data Controller).
Internal Processes and Certifications (Data Controller)
SmarterPay has Management Systems certified against the ISO 27001 (Information Security Management) standards. This management system contains the processes developed through data classification and risk analysis to ensure that data is handled in an appropriate fashion.
We will not collect or store any unnecessary personal data relating to customers or others as part of our normal business operation. We only store sufficient information to allow us to contact and invoice customers. Any email communication sent from SmarterPay to existing customers will include an “opt out” option.
Customer information is not shared with third parties.