PAAM and GDPR - Our Commitment to Data Privacy

PAAM is committed to compliance with the General Data Protection Regulation (GDPR), which will go into effect May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.

Our customers can trust that we have made GDPR a priority and have devoted significant resources toward our efforts to comply with GDPR.

What We Are Doing

Like many other software companies, we are implementing our company-wide GDPR compliance strategy leading up to May 25, 2018 and beyond. We appreciate that our customers have requirements under GDPR that are directly impacted by their use of PAAM, and we are committed to helping our customers fulfil their requirements under GDPR.

The General Data Protection Regulation 2016 replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. Its purpose is to protect the “rights and freedoms” of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent.

• The Managing Director and management of Hotbox Studios Ltd, whose registered office is at C/O Ascot Drummond Devonshire House, Manor Way, Borehamwood, Hertfordshire, WD6 1QQ are committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the “rights and freedoms” of individuals whose information Hotbox Studios Ltd collects and processes in accordance with the General Data Protection Regulation (GDPR).
• Compliance with the GDPR is described by this policy and other relevant policies such as the Information Security Policy (GDPR DOC 5.2), along with connected processes and procedures.
• The GDPR and this policy apply to all of Hotbox Studios Ltd’s personal data processing functions, including those performed on customers’, clients’, employees’, suppliers’ and partners’ personal data, and any other personal data the organisation processes from any source.
• The Data Protection Officer is responsible for reviewing the register of processing annually in the light of any changes to Hotbox Studios Ltd’s activities (as determined by changes to the data inventory register and the management review) and to any additional requirements identified by means of data protection impact assessments. This register needs to be available on the supervisory authority’s request.
• This policy applies to all Employees/Staff of Hotbox Studios Ltd such as outsourced suppliers. Any breach of the GDPR will be dealt with under Hotbox Studios Ltd’s disciplinary policy and may also be a criminal offence, in which case the matter will be reported as soon as possible to the appropriate authorities.
• Partners and any third parties working with or for Hotbox Studios Ltd, and who have or may have access to personal data, will be expected to have read, understood and to comply with this policy. No third party may access personal data held by Hotbox Studios Ltd without having first entered into a data confidentiality agreement, which imposes on the third party obligations no less onerous than those to which Hotbox Studios Ltd is committed, and which gives Hotbox Studios Ltd the right to audit compliance with the agreement.