Mondago Limited General Data Protection Regulation (GDPR) Credentials Statement

1. Who we are and what services we are providing

Mondago Limited ("Mondago")

Registered office: Camrascan House, Isis Way, Minerva Business Park, Peterborough, PE2 6QR

Designated contact: Francois Roux – Operations Director, ([email protected])

Services provided: Software development, product supply and support.

2. Personal data being processed and processing activities

The personal data being processed by Mondago is that which the controller has supplied to Mondago or which Mondago has obtained or created in order to provide the services in accordance with, and as notified in, the relevant client contract, quote and/or end user license agreement. We may also use personal data for marketing and credit control purposes.

As also notified in the relevant client contract, quote and/or end user license agreement, there are circumstances in which Mondago will be acting as Controller in relation to the personal data.

3. Approach to GDPR compliance

Since October 2017 Mondago has been working with an independent external specialist GDPR corporate entity to undertake a full and thorough review & analysis of its data and security processes with the purpose of ensuring compliance by 25th May 2018. Processes have also been established to ensure on-going compliance.

4. Data management and security

Mondago is registered with the U.K. Information Commissioner's Office under registration reference ZA073957 and is also currently awaiting finalisation of certification of Privacy Shield Principles from the U.S. Department of Commerce ITA.

Mondago takes data security very seriously and follow best practices for security and data storage including but not limited to:

  1. Company GDPR, data, access, network and security policies.
  2. Controlled and logged access to sensitive business systems.
  3. Controlled and logged physical access to company premises.
  4. Employee training of policies and best practices.
  5. Regular employee reminders of policy and best practice.
  6. A documentation data classification matrix.
  7. Data retention policy.
  8. Incident management and logging.
  9. Web-site privacy policies and terms and conditions.
  10. Approved software applications.
  11. A nominated Data Protection Office ([email protected])

5. Confidentiality

Our employees are bound by contractual confidentiality provisions in their contracts of employment. In addition, employees are required to complete an annual declaration confirming their awareness of Mondago's confidentiality and security procedures. Compliance with any group policies relating to data protection and confidentiality of information is mandatory.

6. Use of Sub-Processors

Mondago has either obtained or is in the process of seeking and obtaining similar Credentials Statements or equivalent from Sub-Processors who process the personal data which is the subject of our contract.