What Are Your Responsibilities as a Data Controller?
Customers of dahlia-charity.co.uk Software typically act as the data controller for any personal data they provide in connection with their use of our services. The data controller determines the purposes and means of processing personal data.
dahlia-charity.co.uk Software acts as a data processor, meaning it processes personal data only on behalf of the data controller and in accordance with the controller’s instructions.
Both data controllers and data processors are responsible for implementing appropriate technical and organisational measures to ensure that personal data is processed in compliance with the General Data Protection Regulation (GDPR).
These responsibilities arise from key data protection principles, including:
Lawfulness, fairness, and transparency
Purpose limitation
Data minimisation
Accuracy
Respecting and fulfilling data subjects’ rights
Guidance for Data Controllers
If you are a data controller, you should regularly review guidance provided by your national or lead data protection authority. In the United Kingdom, this authority is the Information Commissioner’s Office (ICO), available at ico.org.uk.
You are also encouraged to seek independent legal advice tailored to your specific circumstances. Please note that nothing on this website constitutes legal advice or replaces professional legal consultation.
Where Should You Start?
Now is the time to prepare for GDPR compliance. We recommend the following steps:
Familiarise yourself with the GDPR, particularly the changes it introduces to your existing data protection obligations.
Create or update an inventory of the personal data you process. dahlia-charity.co.uk Software can assist in identifying and classifying this data.
Review your current controls, policies, and procedures to ensure they meet GDPR requirements.
Develop a plan to address any gaps or areas requiring improvement.
Monitor updated regulatory guidance as it becomes available.
Consult a legal professional for advice specific to your business.
Our Commitments to the GDPR
Under GDPR, data controllers must only use data processors that provide sufficient guarantees regarding appropriate technical and organisational measures. Below are key aspects of dahlia-charity.co.uk Software’s GDPR commitments:
Expert Knowledge: We employ and collaborate with security and privacy professionals to maintain secure systems, develop security review processes, and implement robust security policies. We actively engage with customers, industry stakeholders, and supervisory authorities to support compliance needs.
Our Policies: Our data processing agreements clearly outline our privacy commitments. These terms have evolved based on customer and regulatory feedback and have been updated to reflect GDPR requirements.
Functionality: Our hosting facilities are based in the United Kingdom and provide all necessary functionality to support GDPR compliance, including compliant data retention and deletion processes.
Data Processing & Security: We maintain high security standards and ensure timely breach detection and reporting. Our infrastructure includes security features such as Web Application Firewalls (WAF), Intrusion Detection Systems (IDS), and secure log storage through our hosting partners, Rackspace and Azure.
Processing According to Instructions: All personal data provided by customers is processed strictly in accordance with the customer’s documented instructions.
Employee Confidentiality: All employees are required to sign confidentiality agreements and complete mandatory privacy and data protection training.
Use of Subprocessors: Data processing is carried out directly by dahlia-charity.co.uk Software, except for secure data storage handled by our hosting partners, Rackspace and Azure, who maintain industry-standard security accreditations.
Data Return and Deletion: Where automatic deletion is not available, our helpdesk can delete or export customer data at any time during the service term. Data backups are retained for two weeks before being securely overwritten.
How We Support Data Controllers
Data Subject Rights: We can provide exports of customer data at any time during the agreement.
Data Protection Officer: Our Data Protection Officer is Nick Thompson, who can be contacted regarding data protection matters.
Incident Notifications: We provide contractual commitments for timely incident notification in line with GDPR requirements.
Certifications: We hold ISO 27001 and Cyber Essentials Plus certifications.
Standards and Certifications: dahlia-charity.co.uk Software has been independently audited and certified to BS EN ISO 27001:2013, covering information security management in the delivery of our services.
