Processor vs Controller
Intellek is the Data Processor for all cloud-based solutions and services that form part of the Principal Agreement, between Intellek and the Licensee, including, but not limited to, Intellek LMS, Intellek Learn (eLearning and Assessments), Intellek Create and Intellek Deliver. Intellek is the Data Controller for the purposes of marketing and monitoring Intellek solutions and services.
As the Data Processor Intellek Shall:
- use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
- not engage another processor without prior specific or general written authorization of the controller and ensure that the same data protection obligations as set out in the contract with Intellek and the third-party processor.
- provide all Data Controllers with a copy of the Intellek the Data Processor document and the GDPR Terms and Conditions Addendum, that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.
As the Data Controller Intellek Shall:
- be accountable for compliance with data protection principles as listed in Article 5(1)): Lawfulness, fairness and transparency; Purpose limitation; Data minimization; Accuracy; Storage limitation; and Integrity and confidentiality.
- ensure that any Data Processor Intellek uses carries out lawful processing.
- ensure requests for consent to be presented in a manner clearly distinguishable from other matters and in an intelligible and easily accessible form.
- ensure information and communications related to data requests and rights of erasure are concise, transparent, intelligible and in an easily accessible form, given without undue delay/within one month of receipt of request.
The Right to be Informed
Where Intellek acts as the Data Controller, Intellek understands the importance that each individual has the right to know how their data is being processed and why, you can contact us via our website. Where Intellek is the Data Processor, the request must be submitted by the Licensee, the Data Controller.
The Right of Access & Rectification
The Right to Erasure
The Right to Restrict Processing
Where Intellek acts as the Data Controller, should an individual wish to object to the processing of their personal data, an individual can submit an unsubscribe request to solutions@Intellek.io. Where Intellek is the Data Processor, the request must be submitted by the Licensee, the Data Controller.
The Right to Data Portability
Data Protection Officer (DPO)
Intellek has appointed the Head of Network and Security as Intellek’s DPO. If you have any questions or concerns about the way we collect and process your data, please direct your correspondence to the DPO, by email to: dpo@Intellek.io.
Information Security Code of Practice
All Intellek employees and contractors, irrespective of global location, are aware of their responsibilities under the GDPR and will have had a two-hour session of intensive GDPR training, this follows departmental Head training delivered by outside consultants specializing in data privacy. Moving forward, all Intellek employees and contractors are trained on GDPR compliance at induction, and at a minimum, a refresher will be scheduled every calendar year following induction. It is essential that Intellek’s information-handling systems and information are secure and confidential. Intellek employees and contractors are aware of the processes and best practices, and have all read and confirmed receipt of the Information Security Code of Practice.
Personal Data Breach
Intellek will notify the Licensee within 72 hours following Intellek becoming aware of the breach and follow the internal Data Breach Response Plan. Intellek will complete the Personal Data Security Breach Notification Form and submit to the Licensee and share a copy with the Licensee detailing:
- the nature and the likely consequences of the Personal Data Breach,
- the categories and numbers of Data Subjects effected by the Personal Data Breach,
- the measures taken or proposed to be taken to address the Personal Data Breach.
Data Protection by Design and by Default
The solutions and services Intellek provides to the Licensee are enhanced based on requests from the Licensee. Intellek will discuss the development request, and in some cases, scope new development with the Licensee. However dummy data is used during all development. Intellek does not use any Personal Data during the development process.
Any enhancements made to the solutions and services Intellek provides will be developed with data protection compliance in mind, and that this may require the Licensee assisting with the Data Protection Impact Assessment (DPIA).