Healthy Data Processing and Protection (GDPR)

At Vidacycle we want to ensure we uphold our duty to protect and take care with any personal data that we are dealing with. Here we wanted to share all we do to comply with General Data Protection Regulation (GDPR) which is the EU-led regulation to protect people’s personal data.

Lawful basis and transparency

For our customers and potential customers we justify processing personal data because this is necessary to deliver our software service for customers to use and benefit from, as per our contract with customers (and potential contract with those who have demonstrated an interest).

For our marketing activities we require consent from non-customers in order for them to be added to our marketing newsletters and they are able to unsubscribe at any time – this feature is delivered through Zoho. When someone becomes a customer they get emails that are relevant to the product they are using, they can also unsubscribe from this at any time.

What information we process and who has access to it:

Data security

Data protection by design and by default

With every bit of code we write, or interaction with customers we have, we always limit the amount of personal data we collect to the bare minimum. For any individual customer we need their name, email and phone number to effectively be in contact with them and provide a good service. We also require a billing address for all customers as part of our invoicing process.

Encrypt & pseudonymize

Internal Security Policy

  • All work emails must have dual factor authentication enabled.
  • Personal data is never to be shared externally and even before sharing internally care should be taken to ask if it is necessary to share this data.

We utilize many security measures to protect people’s data including but not limited to:

  • Data processing systems can only be used with authorization.
  • Personal data must not be read, copied, modified or removed without authorization during transfer or storage and it shall be possible to establish to whom personal data was transferred.
  • Vidacycle shall be able retrospectively to examine and establish whether and by whom personal data have been entered into data processing systems, modified or removed.

Data Protection Impact Assessment

We collect very little personal data and do not believe that the way we use data in our service is likely to results in a high risk to people’s rights and freedoms. Should we undertake any new technology that might put people’s rights and freedoms at risk then we will conduct a data protection impact assessment.

Data breach process

If there’s a data breach and personal data is exposed, we will notify the within 72 hours.

If there is a data breach of unencrypted data we will email all affected customers within 72 hours.

Accountability and Governance:

Key Third party providers

Zoho One:

Digital Ocean (all servers):

Google Workspace: Data Processing Addendum

Siteground (our websites): Data processing Agreement

We have a GDPR representative internally who is responsible for helping us to keep up to date with changes to GDPR.

Privacy Rights:

Customers have the ability to remove or delete information they have uploaded to our products. Likewise, customers may deactivate their account and request that all personal data we have collected and stored is deleted.

People can request to be removed completely from our databases and we will action that within a month.

Customers can request their data to be sent to them in a spreadsheet before closing their account.

If you have any further questions please contact us at info@vidacycle.com and we will be happy to help.