GDPR Compliance

UK & EU Data Protection Standards

InnoFeature Labs is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have created this page to explain our role as both a Data Processor and Data Controller under the General Data Protection Regulation (GDPR).

1. Our Commitment to Data Protection

Our data protection policy has been designed to meet the requirements of the GDPR. We ensure that personal data is:

  • Processed Lawfully: Collected fairly and transparently for legitimate business purposes.
  • Purpose Limitation: Collected for specified SaaS/ERP development needs and not further processed in an incompatible manner.
  • Data Minimization: Limited to what is strictly necessary for project execution.
  • Accuracy: Kept up to date and rectified without delay if found inaccurate.

2. Individual Rights Under GDPR

As a client or user of InnoFeature Labs services, you have the following rights regarding your personal data:

  • The Right to Access: You can request a copy of the data we hold about your business.
  • The Right to Erasure: Also known as the ‘right to be forgotten,’ you can request that we delete your data when it is no longer necessary.
  • The Right to Data Portability: You can request that we transfer your project data to another controller in a machine-readable format.
  • The Right to Object: You can object to the processing of your data for marketing or profiling.

3. Data Processor vs. Controller

When we build custom CRM or ERP systems for you, InnoFeature Labs typically acts as a Data Processor, handling data on your behalf. In these cases, the client remains the Data Controller. We sign a Data Processing Agreement (DPA) to ensure all sub-processors (like AWS or Azure) meet the same high-security standards.

4. Technical & Organizational Security

We implement "Privacy by Design" in our software engineering lifecycle. This includes:

  • End-to-end encryption for sensitive database fields.
  • Strict Access Control Lists (ACLs) for project repositories.
  • Regular vulnerability assessments for all SaaS deployments.
  • Two-factor authentication (2FA) for internal administrative access.

5. International Data Transfers

If data is transferred outside the European Economic Area (EEA) or the UK, we ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place to provide an adequate level of protection.

6. Contact Our Data Protection Desk

For any GDPR-related inquiries or to submit a Subject Access Request (SAR), please reach out to us: