GDPR

The General Data Protection Regulation (GDPR) imposes more stringent rules on companies that offer goods and services to people in the European Union (EU), or that collect and analyse data relating to European residents. We believe that the GDPR is an important step forward in clarifying and protecting individual privacy rights. Open minds High Availability Solutions (Open Minds) takes the protection and privacy of all data seriously. We understand that you may have questions, and even some concerns, about how we handle your data and the impact of these significant ongoing regulatory changes. Therefore, we have prepared this document to address some of the key questions around how we have addressed our own GDPR compliance. We ensure that the protection of your client data is not compromised, thus we are fully compliant with our legal and regulatory responsibilities. And we continue to provide the highest standard of services to you, as our clients, globally. We at Open Minds have taken all the necessary steps to ensure our compliance with the GDPR:

We carried out a personal data audit to document our processing activities.
We carried out any applicable risk assessments and mitigation’s as required under GDPR.
We updated existing and implemented new policies and procedures to comply with the enhanced and new rights and obligations.
We introduced new and improved training for our employees to ensure continued “good data handling”.
We audited our supply chain to ensure our suppliers are complying with the GDPR and are subject to compliant contract terms and conditions.
We kept a watching brief on and implemented best practice and regulatory guidance in the countries that we carry on business And we will continue to maintain and improve these activities on an ongoing basis.

WHAT PERSONAL DATA DOES OPEN MINDS PROCESS?

What personal data Open Minds processes will depend on the products and services that you purchase from us. In most cases, Open minds will process only very limited (non-sensitive) personal data of you as our client. For normal transactional business (being the provisioning and supply of standard third party products and services), the data is likely to be limited to the contact details of client employees as necessary to receive, fulfil and deliver your order, and for normal account management and reporting purposes (where required). If we provide you with consultancy, managed or other professional IT services then the processing will be focused on the fulfilment of the services engagement. Ordinarily there will be a statement of work or similar document which details the specific services (which helps to explain the type of data processing activities required). Again there will be the normal account management and possibly reporting services requested by you.

It is important to point out that Open Minds does not always have a link in the data processing chain in respect of all products and services purchased by you as our client. An example is where you purchase third party Cloud or other standard services (e.g. software support and maintenance) which are performed by the third party under a direct agreement with you as client. In this instance, Open Minds only transacts the services, and would normally only process data as described under the normal transactional business paragraph above. Any data processed by the third party service provider as part of the products or services will be subject to the terms agreed directly between yourself and the service provider, which is often contained in the End User License Agreement or similar terms. An exception may be where Open Minds has access to some personal data to provide direct services, in which case Open Minds would be processing only the data it has access to in order to perform those services. © Open Minds 2019 Unless we agree otherwise directly with you then our privacy policy available online (www.openminds.co.uk) details the way in which we handle and use your personal data. Our privacy policy also applies to how we use contact data for marketing. If your individual employees consent to receive direct marketing from us then they are free to change their preferences or opt-out of receiving further marketing communications at any time. Our standard terms and conditions of business have also been updated to be compliant with the GDPR, pursuant to which we confirm our commitment to process client data in accordance with the GDPR. A Global IT Organization – Data Residency We recognize that the residency or location of personal data is important for many companies. There is a small minority of client personal data which is processed outside Europe. However, such data is mostly limited to reporting for global clients and is ordinarily restricted to the basic business contact information of those individuals involved in receiving our services. Any such processing is in line with any contractual arrangements we have with particular clients, and would be covered by the legal framework we have in place to effect such transfers. Insight maintains a dual framework for the legal transfer and processing of personal data outside of Europe.

INFORMATION SECURITY

Information security is one of the most important elements of the GDPR. Open Minds recognizes that ensuring the confidentiality, integrity and availability of information entrusted to Open Minds by its partners and clients is vital. Open Minds maintains a formal global Information Security program that implements standards and controls aligned with industry standards and best practices to facilitate the proper measures of protection across the organisation. With the frequency of change that occurs in the threat landscape that continues to pose a risk to this type of information as well as the continued changes in information protection and privacy laws around the globe, Open Minds as a standard practice, continually reviews, assesses and updates it’s security program and controls as necessary to meet these emerging threats and risks.

Open Minds Information Security program ensures a standard of controls across all layers of organisation to address risks at the staff, business process and technology levels to include, but not limited to the following:

Policies and Standards
Third-party due diligence
Employee training and awareness
Business Continuity and Disaster Recovery
Risk Management and Mitigation
Data Breach/Incident Management

In Summary Open Minds has conducted a detailed and comprehensive program of compliance to the enhanced requirements of the GDPR, and we are committed to processing your data in accordance with this high standard.

Cookie	Duration	Description
_lfa	1 year	This cookie is set by the provider Leadfeeder to identify the IP address of devices visiting the website, in order to retarget multiple users routing from the same IP address.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.

Cookie	Duration	Description
_lfa_test_cookie_stored	less than a minute	Description is currently not available.
8v2h68hz	5 days	Description is currently not available.
ge312umr	5 days	Description is currently not available.
lo-uid	1 year 1 month 4 days	Description is currently not available.
lo-visits	1 year 1 month 4 days	Description is currently not available.
vkjhtkil	5 days	Description is currently not available.