The new General Data Protection Regulation (GDPR) came into effect
on May 25th 2018. It builds on existing EU data privacy rules,
strengthening in many key areas and the rights that EU individuals
have over their data, and creating a uniform data protection law across
This rule clarifies how EU resident’s personal data laws are applied,
internally within the EU and worldwide. Any organization that works
with EU residents’ personal data in any manner, irrespective of
location, has obligations to protect the data. Pragma Systems is
aware of its role in providing the right procedures and security to
support its employees, customers and suppliers and help meet our
Pragma Systems is committed to ensuring the security and protection
of the personal information that we process, and to provide a compliant
and consistent approach to data protection. We have always had a robust
and effective data protection program in place which complies with
existing law and abides by the data protection principles. However,
we recognise our obligations in updating and expanding this program
to meet the demands of the GDPR.
Pragma Systems is dedicated to safeguarding personal information
and in developing a data protection regime that is effective, fit for
purpose and demonstrates an understanding of, and appreciation for the
Our policies regarding data ownership and protection are focused
on providing you with confidence that your data remains secure, and
under your control. We have established a number of measures to ensure
that customers and their data are treated in a manner consistent with
Pragma Systems already has a consistent level of data protection
and security across our organization. Our implementation includes: -
- Information Audit - carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
- Policies & Procedures - Data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including: -
- Data Protection – Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
- Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.
- International Data Transfers & Third-Party Disclosures – where Pragma Systems stores or transfers personal information outside the EU, we have procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
- Storage and Retention of Your Personal Information
We retain your personal information for as long as necessary to
provide services requested by you, or for other essential purposes
such as complying with our legal obligations, resolving disputes,
and enforcing our agreements. Because these needs can vary for
different data types in the context of different services, actual
retention periods can vary significantly. The criteria used to
determine retention include:
In addition to providing the service and day-to-day operations,
Pragma Systems may use your data for the following:
- How long is the personal information needed to provide applicable services? This includes such things as maintaining and improving the performance of the Services, enabling system security measures, and maintaining appropriate business and financial records.
Do users provide, create, or maintain the data with the expectation we will retain it until they affirmatively remove it? In such cases, we may maintain the data until actively deleted by the user.
Is the personal information of a sensitive type? If so, a shortened retention time may be appropriate.
Are we subject to a legal, contractual, or similar obligation to retain the data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data, or data that must be retained for the purposes of litigation.
Direct Marketing - You can opt out of receiving promotional emails
from Pragma Systems by following the instructions in those emails.
If you opt out, we may still send you non-promotional emails, such as
emails about your accounts or our ongoing business relations. You can
also send requests about changes to your information or your contact
preferences, including requests to opt-out of sharing your personal
information with third parties, by emailing
Troubleshooting aimed at preventing, detecting, and repairing
problems affecting the operation of services
Ongoing improvement of features, such as those that improve the
reliability of our software, or involve the detection of, and
protection against, threats to the services or customer data
- Providing personalized customer experiences
- Contacting you about new products and services
Most web browsers are set to accept cookies by default. If you
prefer, you can usually choose to remove cookies from within your
browser, or set your browser to block all cookies, all third-party
cookies, or particular cookies. If you choose to remove or block
cookies, this can disable or otherwise affect certain features or
services of our websites.
There are web browser signals and other mechanisms (for example,
"Do Not Track" settings) that can indicate your choice to disable
tracking, and, while we and others give you choices described in this
Policy, we do not currently honor these mechanisms.
Processor Agreements – where we use any third-party to process
personal information on our behalf (i.e. Payment Processing, Hosting
etc), we are compliant and utilize due diligence procedures for
ensuring that they (as well as we), meet and understand their/our
Data Subject Rights
In addition to the policies and procedures mentioned above that
ensure individuals can enforce their data protection rights, we
provide access via email of an individual’s right to access any
personal information that Pragma Systems processes about them and
to request information about: -
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Information Security & Technical and Organizational Measures
Pragma Systems takes the privacy and security of individuals and
their personal information very seriously and take every reasonable
measure and precaution to protect and secure the personal data that
we process. We have robust information security policies and
procedures in place to protect personal information from unauthorized
access, alteration, disclosure or destruction and have several
layers of security measures.