Our GDPR Commitment

The EU General Data Protection Regulation (GDPR) is now in effect, and Flexibility Pathway is here to support you in meeting its requirements.

What Is GDPR?

GDPR is setting a new standard for how organizations collect, use, and protect EU citizens’ personal information. With the growing concern for data safety, this law is designed to restore the confidence of the public.

GDPR Implications For Your Organization

Whether or not an organisation is based in the EU, all businesses that control or process personal information of EU citizens have to do so in accordance with the GDPR requirements.

Flexible Childcare Services Scotland is responsible for ensuring that your personal information is processed in accordance with the GDPR requirements. Because of this, we are also responsible for ensuring that any workplace service providers that you use will process the personal information of your EU citizen Users in accordance with the GDPR requirements.

Flexibility Pathway’s CommitmentFlexibility Pathway is committed to supporting you in ensuring that your use of our tool meets the GDPR requirements. Here are some of the measures that Flexibility Pathway has put in place to reflect that:

1. Flexibility Pathway’s Contractual Terms Reflect GDPR Requirements

Flexibility Pathway has prepared a Data Processing Addendum that contains the GDPR contractual requirements. Where applicable, this Data Processing Addendum is incorporated into our Terms of Service, available at www.flexibilitypathway.org.uk/legal/data.

Our contractual commitments relevant to GDPR are that:

- Flexibility Pathway will be transparent and never use your personal information other than as instructed by you,
- Flexibility Pathway will maintain appropriate technical and organisational security measures to protect your personal information,
- Flexibility Pathway will assist you with requests regarding your personal information that is processed using our services.

2. Flexibility Pathway Will Continue To Improve Its Security Infrastructures

Flexibility Pathway is committed to maintaining appropriate technical and organisational security measures to protect your personal information in line with the GDPR requirements.
Our commitments to maintaining our security measures are as follows:

- Flexibility Pathway ensures that, to the extent possible, your personal information is anonymised,
- Flexibility Pathway ensures that your personal information is encrypted in transit,
- Flexibility Pathway has measures in place to ensure the ongoing confidentiality, integrity, availability, and resilience of Flexibility Pathway processing systems and services,
- Flexibility Pathway can restore the availability and access to your personal information in a timely manner in the event of a physical or technical incident, and
- Flexibility Pathway has a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures to ensure the security of your personal information through the use of regular vulnerability and pentesting.

3. For more details regarding Flexibility Pathway’s commitment to invest in its security infrastructures, we invite you to read our Data Processing Addendum.

4. Flexibility Pathway Complies With GDPR International Data Transfer Mechanisms

GDPR does not require personal information of EU citizens to be stored in the EU. GDPR does, however, require transfers of EU citizens’ personal information outside of the EU to comply with certain international data transfer standards. One of these standards is that prior to transferring an EU citizen’s personal information to a third country, the European Commission must have decided that the third country ensures an adequate level of protection.
Flexibility Pathway is committed to ensuring that all transfers of your personal information are and will be in compliance with the required international data transfer standards.
Flexibility Pathway is located in Scotland, UK and is subject to EU privacy laws.
As your data processor, Flexibility Pathway transfers your personal information to only two third-party subprocessors: our data center provider and our database service management provider. Both of these subprocessors are located in the UK.
As your data processor, Flexibility Pathway transfers some of your personal information to one third-party subprocessor: our email management provider called SendGrid for the purpose of sending emails. This subprocessors is certified under the E.U.-U.S. Privacy Shield, a framework negotiated and agreed upon by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.

5. Flexibility Pathway’s Products Are Designed To Help You Meet Your GDPR Requirements

Flexibility Pathway is committed to making every effort to build product features that help you meet your GDPR requirements.
Flexibility Pathway ensures that you can meet the GDPR data portability requirements by providing, among others, features that permit you to export some of the employees’ personal information.

Flexibility Pathway is here for you. Please contact us at support@flexibilitypathway.org.uk if you have any GDPR-specific questions.