Faster Delivery = Happy Users
Automated Process = Fewer Errors
Standards = Cost Reduction
Order Visibility = Confidence
Linking Systems = Efficiency
At Softchoice we take data protection as seriously as our customers. The content on this page provides an overview of how we manage your personal data, and how it applies to the various engagements we have with our customers.
For most individuals Softchoice only holds limited personally-identifying data. This typically includes a person’s name, job role, business email and phone numbers. Softchoice is the data controller of this information and will respect data subjects’ rights under the General Data Protection Regulation (“GDPR”), such as requesting the personal data we hold, or having their data removed from our systems.
Data exchange with most customers is limited to email, instant messenger and phone conversations. We do not record phone calls, but any communication over email is automatically added to our corporate archive. We use a solution that permits us to retrieve and remove data from this archive when required.
Some of our professional and managed services offerings permit other methods of data exchange. Customers requiring more information on data protection in these scenarios should initially contact their account or service delivery manager.
Prior to May 25th 2018, Softchoice undertook a companywide review of data protection to ensure our compliance with GDPR.
In line with the GDPR requirements, we have documented our processing activities as a controller and as a processor. Where required we are updating contracts with business partners to cover data protection obligations.
With ongoing oversight from our CFO and with the support of an internal GDPR project team, our Legal and IT departments have reviewed how they interact with data subjects and their personal data in both internal and customer facing systems. As part of our ongoing commitment to data protection, we constantly review and enhance our data protection practices to keep with the key principles of GDPR.
In addition, we continue to work to ensure the security of our systems and the data contained within. Further information on our security program is available upon request.
In our capacity as the controller of your personal data, here is a summary of your rights to the extent that your personal data is processed subject to the GDPR:
We will try to comply with your request as soon as reasonably practicable and within timeframes required by applicable law. For requests subject to the GDPR, please contact us at firstname.lastname@example.org. We will endeavor to respond to within one month of receipt, depending on the nature and complexity of your request.
Like purchasing hardware and software, Softchoice places an order with a vendor with a limited amount of personal data required to fulfil that order. Typically, this is limited to the name, email address and phone number of a license to and/or ship to contact.
The vendor becomes the data controller of this information and may use it to contact individuals outside of Softchoice’s control for purposes such as sharing product information, marketing, providing support and renewals.
Depending on the service and data involved, the vendor may be considered a data processor to the subscriber organization under the GDPR. In these scenarios, vendors may offer data processing terms in their standard terms and conditions or as part of a data processing addendum.
Softchoice offers a wide range of professional and managed services to support our customers’ operations. Depending on the service, it is possible we, or the supplier providing the service will become a data processor to your organization.
The delivery of services may involve the use of sub-processors and if so, this will be made clear in our contract for such services. Softchoice ensures that our sub-processors are bound to data processing agreements/addenda (“DPA”) that require they protect the data shared to the same standards customers can expect from Softchoice.
We work tirelessly to ensure the security of the managed service platforms that we run for customers. To attest to this we regularly undertake internal audits and external testing engagements with third parties. Our managed services are SOC 1 Type 2 compliant and we complete an annual third party penetration test of our environments.
In the event Softchoice acts as a data processor, customers can enter into a DPA to help demonstrate compliance with the GDPR. This is available upon request.
If your organization has specific requirements around data protection above and beyond compliance with the relevant laws, including GDPR, these should be shared with your Softchoice Account Manager or Service Delivery representatives.
When Softchoice places an order with a supplier, we supply them with a limited amount of personal customer information required to fulfil that order. Typically, this is limited to the name, email address and phone number of a license to and/or ship to contact.
At that point, the vendor becomes the data controller of this information and may use it to contact individuals outside of Softchoice’s control for purposes such as sharing product information, marketing, providing support and renewals.