This document outlines Rhino Software Limited's commitment to comply with the European General Data Protection Regulation, commonly referred to as GDPR.
GDPR Business Processes
Rhino includes a process whereby Customers can request to see the data that is stored against their account. The customer can also choose to lock their Account, in which case the customer record will be clearly flagged as ‘LOCKED’ in Rhino. The Rhino App will retain data that our Businesses need to retain to comply with their Financial and Legal obligations.
Customer Enquiries from our Web Site
The Rhino website contains a series of customer enquiry forms that customers are invited to complete if they wish to initiate the process of setting up a new Rhino Account. The data supplied by the customer via these forms is automatically emailed to a secure mailbox that is accessed by Rhino Employees for the purposes of setting up a new customer account on their behalf.
Information provided by customers via this process is not shared with anyone outside of Rhino Software Limited except in the case where Rhino Software Limited is conducting a joint promotion with a partner. In such cases, Rhino Software Limited reserves the right to share customer information collected whilst conducting the promotion with each specific partner.
The Rhino Cloud Infrastructure is hosted by a leading Cloud Hosting Provider.
Access to the Infrastructure is strictly controlled via security groups and a series of strictly controlled sub networks (subnets). The Security Groups define a list of Ports that controls the types of traffic that can flow in either direction. Individual Machines are permitted access to each Port via their IP address. In addition to these restrictions, the Servers are password protected.
Rhino Software commissioned an independent Security Audit of the Infrastructure and the Application to ensure that the Rhino App complies with industry security standards.
The Table that controls access to the Rhino App is separate from the databases that control access to the Customers' Data. There is a complex set of tables that would need to be combined to identify where data is stored for an individual Customer. The Rhino Solution uses a multi-tenant Database architecture with a limit to the number of customers stored in each Database.
Within the Customer Database, sensitive data is limited to a small number of tables, with other transactional tables (e.g. Appointments, Reminders) referencing only a unique number that links them to the Customer, i.e. you would not be able to link a note in the Rhino Database to a Customer without linking it to the Customer Table.
Rhino has ensured that the Development Resources are qualified to work within the European Union. Furthermore, it has signed contract terms that include NDA agreements with each individual working on the Project.