Relevant

GDPR compliance at Relevant Software

At Relevant Software, we prioritize data protection and privacy in every aspect of our operations. As a company committed to maintaining the highest standards of data security, we adhere to the General Data Protection Regulation (GDPR) and are dedicated to protecting the personal data of our clients, partners, and website visitors.

Our commitment to GDPR compliance

  • Lawful, fair, and transparent processing: We collect and process data only for specific, legitimate purposes with your consent or under contractual necessity.
  • Purpose limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in ways that are incompatible with those purposes.
  • Data minimization: We gather only the data required to fulfill the intended purpose.
  • Accuracy and integrity: We take every measure to keep your data accurate and up-to-date.
  • Limited retention: Personal data is retained only as long as necessary for its original purpose.
  • Security assurance: We implement robust technical and organizational measures to prevent unauthorized access, disclosure, or misuse of data.

How we protect your data

We have established comprehensive security protocols to ensure the highest level of data protection:

  • Encryption and secure storage: All sensitive data is encrypted and stored securely.
  • Access controls: Strict access policies ensure that only authorized personnel can access personal information.
  • Regular audits: Periodic internal and external audits help maintain GDPR compliance.
  • Incident response plan: In the unlikely event of a data breach, we have a structured response protocol to mitigate risks and inform affected individuals promptly.

Our agreements on data processing

Data processing agreement (controller – processor) with clients

Purpose: This agreement is established with clients who share or provide access to personal data. It outlines the responsibilities and security measures in place during data processing throughout the collaboration.

Roles:

  • Client: Acts as the Data Controller.
  • Relevant Software: Acts as the Data Processor.

Key points:

  • Standard Contractual Clauses (SCCs), as approved by the European Commission, are implemented for data transfers outside the EU/EEA without adequacy decisions.
  • Regular reviews of the agreement every 12 months.
  • Additional security provisions can be included, provided they do not conflict with SCCs.

Who is involved: Management, technical teams, contractors, and responsible parties.

Data processing agreement (processor – processor) with contractors

Purpose: This agreement is for employees or contractors who have access to clients’ personal data while fulfilling their professional duties.

Roles:

  • Relevant Software & Contractors: Both act as Data Processors.

Key points:

  • Defines clear boundaries and rules for handling personal data.
  • Adheres to SCCs for data transfers outside the EU/EEA.
  • Reviewed at least every 12 months to ensure continued compliance.

Who is involved: Management, technical teams, contractors, and responsible parties.

Data processing agreement (controller – processor) with contractors

Purpose: This agreement applies when employees or contractors access Relevant Software’s internal personal data, such as data collected from websites or social media.

Roles:

  • Relevant Software & Contractors: Both act as Data Processors.

Key points:

  • Specifies data processing boundaries and responsibilities.
  • SCCs are used for international data transfers.
  • Agreement reviewed annually.

Who is involved: Management, technical teams, contractors, and responsible parties.

Compliance evidence agreement

Purpose: To provide an overview of our GDPR compliance measures to clients and service providers.

Includes:

  • Company roles in data processing.
  • Core principles and public documentation overview.
  • A data flow map illustrating the movement of personal data within our systems.

Review process: The document is reviewed annually or when significant changes affect data processing practices.

Transfer impact assessment agreement

Purpose: To assess the adequacy of data protection in countries outside the EU/EEA before transferring personal data.

Includes:

  • Legal analysis of the destination country’s privacy framework.
  • Evaluation of supervisory authorities and fundamental rights protections.

Review process: Conducted every 12 months or when significant legislative changes occur.

Why it matters: Ensures that data transfers align with GDPR standards and mitigate any potential risks.

Updates to this policy

We may update this GDPR statement to reflect changes in our practices or legal requirements. We encourage you to review this page periodically for the latest information.
Last updated: [12.03.2025]

Let’s talk about your project

Optional
Optional

By sending a message you agree with your information being stored by us in relation to dealing with your enquiry.
Please have a look at our Privacy Policy.