Prime Timetable is GDPR compliant

How long do we hold data for?

When using the Prime Timetable, Website and SaaS, the customer is the responsible Data Controller. The Data Controller should determine the appropriate length of time to store and maintain personal data.

Should a customer terminate their subscription, then current system data and associated backups will be retained for a maximum of 1 year, with the specific purpose to support migration or retrieval of the data by the customer. Data residing on backups is encrypted to industry standards and held for a maximum of 1 year.

Who is responsible/what is the process for removing data?

The Data Controller is responsible for determining how long personal data should be held and for the archiving and removal of personal data from our services. Our platform provides tools to download your archive and delete your account at any time.

Who has access to customer data and what is the purpose of this access?

Members of the Prime Timetable support team based upon role and permissions have access to customer data and this is specifically to provide an incident and problem management function or analyze and evaluate the quality of the service provided.

What levels of data security do we employ?

The Prime Timetable SaaS is secured to industry standards. Our cloud data centres are located in the US. Our US located cloud hosting provider is ISO/IEC 27001:2013 certified. Our standard security protocols include:

Last revised: February 2, 2019