Data Protection and Processing

Data Protection and Processing

Data Protection & GDPR Compliance
Softext Ltd is committed to protecting the privacy and security of Personal Data entrusted to us by our customers.

In providing managed IT, Hosting, Backup, VoIP, and software services, Softext acts primarily as a Data Processor under the UK GDPR, processing Personal Data strictly according to our customers’ documented instructions.

This page explains our GDPR commitments and how we manage Personal Data, including breach notifications, security, and compliance.

Our GDPR Commitments

We are dedicated to ensuring that Personal Data is processed lawfully, fairly, and transparently. Specifically, we:

  • Implement appropriate technical and organisational security measures to protect data.
  • Ensure confidentiality for all Softext staff who have access to Personal Data.
  • Assist our customers in fulfilling their data protection obligations, including responding to requests from employees or clients (Data Subjects).
  • Maintain procedures to detect, report, and investigate Personal Data Breaches.
  • Cooperate fully with relevant regulatory authorities, including the UK Information Commissioner’s Office (ICO), when required.

Personal Data Breaches
Softext takes data breaches seriously.

In the event of a Personal Data Breach, we will notify the relevant customer without undue delay and in any event within 72 hours of becoming aware of the breach.

Notifications will include, where available:

  • A description of the nature of the breach
  • Categories and approximate number of affected Data Subjects
  • Categories and approximate number of Personal Data records involved
  • Likely consequences of the breach
  • Measures taken or proposed to mitigate potential adverse effects
  • We will cooperate fully with customers to investigate and remediate any breach and provide reasonable assistance with regulatory notifications where required.

Data Processing Agreement (DPA)

Where Softext processes Personal Data on behalf of a customer, our Data Processing Agreement (DPA) applies and forms part of the contractual arrangement between the parties.

  • The DPA outlines roles, responsibilities, and obligations under UK GDPR.
  • It covers scope of processing, processor obligations, breach notification, audits, and data return/deletion.

For further information on how we process Personal Data as a Controller, please see our Privacy Policy.

Scope and Security

Softext processes Personal Data only according to customer instructions, and the type, purpose, and categories of data are determined by the services provided.

We ensure that:

  • Sub-processors operate under contracts imposing GDPR-compliant obligations.
  • Personal Data is encrypted, access is controlled, and staff access is revoked immediately upon departure.
  • Data is retained only as long as necessary to provide our services and is securely deleted or returned upon service termination, unless required otherwise by law.

Supporting Data Subject Rights

We assist customers with requests from employees or clients (Data Subjects), such as:

  • Access to their Personal Data
  • Rectification or correction
  • Restriction of processing
  • Data portability

This ensures that customers can meet their obligations under UK GDPR and maintain trust with their own staff and clients.

Disclaimer
This page is for informational purposes only and is not a legally binding contract.