GDPR at Monk Tech Labs
Monk Tech Labs values user privacy and is dedicated to ensuring that our platforms TheHouseMonk & TheOfficeMonk are in line with the General Data Protection Regulation (GDPR) standards.
Understanding GDPR
The GDPR grants individuals the right to understand the personal data held about them, and the means of its storage and processing, and offers them the authority to request the erasure of their personal data.
What Constitutes Personally Identifiable Data?
This refers to any data that uniquely identifies an individual. Examples include names, personal email addresses, phone numbers, home addresses, age, medical details, social security numbers, and credit card details.
Monk Tech Labs Position in the GDPR Landscape
Monk Tech Labs products only serve as Data Processors. We don’t gather end-user personal details during sign-up or onboarding. Clients using TheHouseMonk or TheOfficeMonk (the Controllers) are advised to gather only details necessary for the operations such as name, permanent address, office addresses, phone numbers, and emails. Controllers also bear the responsibility to delete user data when a user exits their organisation. We ensure that once data is removed from TheHouseMonk or TheOfficeMonk, it remains absent from our servers and databases.
Our GDPR Commitments:
No mandatory collection of personal details. Clients are encouraged to use official email IDs and phone numbers during sign-up.
Monk Tech Labs retains no personal data beyond its necessary period.
We maintain data access and processing transparency, ensuring data is available only to designated personnel via Identity and Access Control Management.
We never harvest or store any sensitive personal data, either directly or indirectly.
Should a data breach occur, Monk Tech Labs pledges to notify affected clients promptly.
All Monk Tech Labs employees undergo GDPR training.
Detailed Personal Data Management in Monk Tech Labs:
Sign-up Form:
Only the user’s name and work email is collected and stored in the Account_Users database table. This information is kept encrypted, with the user ID used as a reference elsewhere in the database.
Add Users & Related Forms:
Name, email ID, and potential phone number are recorded in the Account_users table. Email IDs and phone numbers are vital for notifications linked to invoices, leases, tickets, work orders, notices, etc. All data interactions are secure.
Visitor Management:
Data is securely stored and processed, ensuring all interactions (like invites and notifications) occur on secured lines.
Vendor Management Form:
This primarily captures official vendor details. However, the potential to include personal information exists. This data is used for various operations, always on secure channels.
Data in Monk Tech Labs is referenced in numerous areas, including work order assignments, asset management, and more.
Data Access within Monk Tech Labs:
Access to the primary data storage is restricted, with only a select few at Monk Tech Labs having access. After onboarding, clients are advised to alter passwords to reinforce data security.
Controller Responsibilities:
TheHouseMonk or TheOfficeMonk application may vary across clients. Thus, each client must assess their unique configuration to ensure GDPR compliance. Regular audits are crucial for maintaining this compliance.
Conclusion:
Monk Tech Labs’ primary data repositories include Person/Users, Staff/Tenant/Visitor/Vendor sections, among others. However, the structure of our databases ensures that if there’s ever a need or concern, data can be swiftly removed by the controllers without causing issues.
By adhering to these practices, Monk Tech Labs ensures that TheHouseMonk & TheOfficeMonk remain GDPR-compliant, offering both security and control to our valued clients.