Crystal ASP is both a Data Controller and Data Processor under the guidelines of the European General Data Protection Regulations (GDPR). The protection, securitization and processing of this data is of paramount importance to us. We strive to ensure all of Crystal ASP’s obligations to the current Data Protection Legislation and GDPR are met.
When you enquire about our services through our website, you give us certain information voluntarily. This includes your name, email address,phone number and the company you represent. We also hold some personal customer contact information to allow us to meet our contractual obligations. We have clear procedures in place to deal with all types of personal data requests in order to meet our commitments to the General Data Protection Regulations (GDPR). We do not share this information with any Third Parties.
Users of products and services will always be informed of how any personal data will be collected and used as part of the submission process. Should a user wish to know what personal data is recorded about them, they can request this from us using the contact information at the end of this document. You can also contact us should you require your personal information to be rectified, no longer processed, or completely erased.
For submission of any enquiry related to individual rights under the GDPR please use the contact information at the end of this document. As a data controller we maintain oversight of our data and continually review our processes and procedures.
Crystal ASP offer our clients several services primarily billing and provisioning, in which we process billing information on their behalf and with their consent. We may process billing information, on behalf of a company that supplies services to you, as a third party processor. The source of the Billing data will be your supplier and/ or any carrier or supplier that they procure products and services from. Billing data may include contact names, addresses, email addresses contact telephone numbers, account numbers, details of services procured and data from call records. It may also include any data that your supplier inputs into our software applications. The legal basis for this processing is performance of a contract between your supplier and us.
We have access to those systems to carry out the billing process and do not use the data contained within those systems for any other purpose. Access is granted through the Clients own IT Network or through a third-party EU hosting company.
Staff who process personal data within their job roles have all signed a confidentiality agreement as well as receiving training on GDPR and data security. We operate according to the principle of least privilege, ensuring a strict access control policy is in place. Access is restricted and allowed only to those individuals who require it as part of their “Job Role.” This ensures that any data Crystal ASP processes is accessed only by appropriately trained staff. Our clients’ billing data is not readily available to all staff at Crystal ASP and is always securely accessed. A clear audit trail is in place.
At Crystal Asp securing your data is important to us, which is why we take appropriate security measures, protocols and processes to secure and protect the confidentiality, integrity and availability of your information. We always aim to protect your personal information against unauthorised access, use or disclosure, using security technologies, procedures and limited access control.
Rights you have about your information:
You have rights in relation to the personal information that we hold about you:
- the right to know what’s been collected and how it’s being processed.
- the right to access the information we hold about you, known as a Subject Access Request.
- the right to have inaccurate or incomplete information corrected.
- the right to restrict the processing for example if you want us to establish its accuracy or the reason for processing it.
- the right to object to processing your information.
- the right to have information erased when we no longer have a legitimate reason to keep it.
- the right to make a complaint to the Data Protection Commissioner about your information.
As we use your information to provide you with your services and for the performance of our contract with you, if you object to processing information or make requests for restriction/erasure these may affect our ability to provide you with the service requested. You can exercise any of your rights by contacting our Data Protection Officer at the details below.
How we make changes to this policy:
We may update this policy from time to time. When we do, we will post the current version on our website and, where appropriate, notify you using your contact email. We encourage you to periodically review this policy so that you will be aware of how we use your information.
How can you contact us about this policy?