EU GENERAL DATA PROTECTION REGULATION (GDPR) AND THE DATA PROTECTION ACT 2018
We are committed to ensuring that any personal data is protected by adhering to the principles of the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Stormchain is not used to hold or process any Personal Identifiable Information (PII) by the storing of images/text. We do not analyse image data to identify individuals through facial recognition or automatic number plate recognition. All our user training material stresses the importance of not collecting PII during Rapid Impact Assessments (e.g., any information recorded about vulnerable communities impacted by a failed highway asset should be generic, not household specific).
Where we do hold PII, for example user accounts, then when we ask you for this personal information, we will:
- Explain clearly and transparently why we need this personal data.
- Secure it safely, protecting it from any unlawful access.
- We will only share it with any 3rd parties where we have your consent.
- We will never pass your data over to any 3rd parties for marketing purposes.
- We will only use the data we take from you for the purpose it was taken and for no other additional processing.
- We will only take the data that is relevant, adequate and limited to what we need for the purpose of any agreement.
- We will not keep your data any longer than is necessary.
- We ask you to:
- Make sure the information you supply us is accurate.
- Inform us, as soon as possible, if this information changes i.e., your contact details or address.
DISCLOSING YOUR INFORMATION
We collect data from you to comply with the performance of a contract. We will only pass this personal information on if we have a legal obligation to do so.
You can find out about the information we hold on you, correct any errors, and find out any 3rd parties we have shared your information with by contacting our Data Protection Officer: info@Stormchain.org
For any additional advice about data protection and the General Data Protection Regulation, you can contact the Information Commissioner’s Office.
All access to Stormchain is secured by using usernames and passwords. Stormchain supports a role-based security model to ensure that all data is fully protected.
We encrypt your “Data at Rest” to help to protect and safeguard your images/text to ensure that you meet your organizational security and compliance commitments. With this feature, Stormchain automatically encrypts your images/text prior to persisting to storage and decrypts prior to retrieval. The encryption, decryption and key management are totally transparent to users. All data is encrypted using 256-bit AES encryption, one of the strongest block ciphers available.
All images/text are securely transported using Secure Sockets Layer (SSL) protocols. SSL is a standard security technology for establishing an encrypted link between a server and a client.
A shared access signature (SAS) is a signed URL that provides secure access to images/text in your storage account. We grant access to images/text in your storage account, without sharing your account keys. A SAS is a secure way to share your storage resources without compromising your account keys.