Overview

At Intellek, the protection of Personal Data is paramount. The General Data Protection Regulation (GDPR) is a comprehensive European privacy law that came into force on May 25th, 2018. Intellek welcomed this law as an important step forward in streamlining data protection requirements across the European Union and as an opportunity for Intellek to deepen our commitment to data protection.

Processor vs Controller

Intellek is the Data Processor for all cloud-based solutions and services that form part of the Principal Agreement, between Intellek and the Licensee, including, but not limited to, Intellek LMS, Intellek Learn (eLearning and Assessments), Intellek Create and Intellek Deliver. Intellek is the Data Controller for the purposes of marketing and monitoring Intellek solutions and services.

As the Data Processor Intellek Shall:

  • use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
  • not engage another processor without prior specific or general written authorization of the controller and ensure that the same data protection obligations as set out in the contract with Intellek and the third-party processor.
  • provide all Data Controllers with a copy of the Intellek the Data Processor document and the GDPR Terms and Conditions Addendum, that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.

As the Data Controller Intellek Shall:

  • be accountable for compliance with data protection principles as listed in Article 5(1)): Lawfulness, fairness and transparency; Purpose limitation; Data minimization; Accuracy; Storage limitation; and Integrity and confidentiality.
  • ensure that any Data Processor Intellek uses carries out lawful processing.
  • ensure requests for consent to be presented in a manner clearly distinguishable from other matters and in an intelligible and easily accessible form.
  • ensure information and communications related to data requests and rights of erasure are concise, transparent, intelligible and in an easily accessible form, given without undue delay/within one month of receipt of request.

The Right to be Informed

Where Intellek acts as the Data Controller, Intellek understands the importance that each individual has the right to know how their data is being processed and why, you can contact us via our website. Where Intellek is the Data Processor, the request must be submitted by the Licensee, the Data Controller.

The Right of Access & Rectification

Where Intellek acts as the Data Controller, Intellek understands that each individual has the right to request a copy of the data that Intellek has on file. A Data Access Request can be made via our website. If any of the data Intellek holds is inaccurate, Intellek will act on all rectification requests in a timely manner, and aims to do this within 30 days, at a maximum. Where Intellek is the Data Processor, the request must be submitted by the Licensee, the Data Controller.

The Right to Erasure

Where Intellek acts as the Data Controller, Intellek warrants to comply with an individual’s request for the deletion or removal of personal data from all products and services. A Rights to Erasure request can be made via our website. Where Intellek is the Data Processor, the request must be submitted by the Licensee, the Data Controller.

The Right to Restrict Processing

Where Intellek acts as the Data Controller, should an individual wish to object to the processing of their personal data, an individual can submit an unsubscribe request to solutions@Intellek.io. Where Intellek is the Data Processor, the request must be submitted by the Licensee, the Data Controller.

The Right to Data Portability

Whether Intellek is acting as the Data Processor or Data Controller, Intellek shall provide confirmation and access within one month of receipt of the request, at no charge; and provide the data in a commonly used electronic format and securely transferred.

Data Protection Officer (DPO)

Intellek has appointed the Head of Network and Security as Intellek’s DPO. If you have any questions or concerns about the way we collect and process your data, please direct your correspondence to the DPO, by email to: dpo@Intellek.io.

Information Security Code of Practice

All Intellek employees and contractors, irrespective of global location, are aware of their responsibilities under the GDPR and will have had a two-hour session of intensive GDPR training, this follows departmental Head training delivered by outside consultants specializing in data privacy. Moving forward, all Intellek employees and contractors are trained on GDPR compliance at induction, and at a minimum, a refresher will be scheduled every calendar year following induction. It is essential that Intellek’s information-handling systems and information are secure and confidential. Intellek employees and contractors are aware of the processes and best practices, and have all read and confirmed receipt of the Information Security Code of Practice.

Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Intellek and each Intellek Affiliate shall in relation to the Licensee’s Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR. In assessing the appropriate level of security, Intellek and each Intellek Affiliate shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.

Personal Data Breach

Intellek will notify the Licensee within 72 hours following Intellek becoming aware of the breach and follow the internal Data Breach Response Plan. Intellek will complete the Personal Data Security Breach Notification Form and submit to the Licensee and share a copy with the Licensee detailing:

  • the nature and the likely consequences of the Personal Data Breach,
  • the categories and numbers of Data Subjects effected by the Personal Data Breach,
  • the measures taken or proposed to be taken to address the Personal Data Breach.

Data Protection by Design and by Default

The solutions and services Intellek provides to the Licensee are enhanced based on requests from the Licensee. Intellek will discuss the development request, and in some cases, scope new development with the Licensee. However dummy data is used during all development. Intellek does not use any Personal Data during the development process.

Any enhancements made to the solutions and services Intellek provides will be developed with data protection compliance in mind, and that this may require the Licensee assisting with the Data Protection Impact Assessment (DPIA).