Due Diligence Assessment / Statement.

Requirement

Do you have a knowledge and understanding of the GDPR legislation and your responsibilities as a data processor?

Answer

Yes

Comment

INSPA / INSPAsmiles staff & volunteers have completed / currently undertaking CPD courses introducing them to further Child Safety & Protection Laws & GDPR

Requirement

Do you have a Data Protection Policy?

Answer

Yes

Comment

Please see: PRIVACY, DATA & COOKIE POLICY

Requirement

Do you use subcontractors and have you ensured they are GDPR Compliant?

Answer

No

Comment

We do not use subcontractors

Requirement

Is the data held on a secure server?

Answer

Yes

Comment

NAS / AES 256 - bit

Requirement

Do you and any subcontractors have a documented procedure for deleting subject records on request (including back-up/archive records)

Answer

Yes

Comment

Any questions, comments or requests regarding our Privacy, Data and Cookie Policy should be sent to info[at]inspa[dot]ie. All hard copy records are securely shredded, destroyed and recycled.

Requirement

Do you agree that all records will be deleted on termination of contract at no extra cost?

Answer

Yes

Comment

To request the termination of your schools records please email info[at]inspa[dot]ie

Requirement

Do you have the required privacy notices which meet GDPR Requirements?

Answer

Yes

Comment

Website: Asks users to agree to our policies

We also seek Parental /Guardian Consent for all images taken during #INSPAsmiles Days plus permission from individual schools to provide our services, store and process all relevant data

Requirement

Is any IT equipment that holds personal data encrypted by you and any subcontractors?

Answer

Yes

Comment

AES-256-bit encryption

Images are also stored by unique reference number only. No personal details are stored alongside images.