BIGISO (“we”, “our”, “us”) is committed to protecting the privacy and personal data of our users in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR). This statement outlines how we ensure GDPR compliance when collecting, processing, and storing personal information from users within the European Union (EU), European Economic Area (EEA), and globally.

1. Our Commitment to GDPR

BIGISO fully supports the principles of GDPR and ensures:

  • Lawful, fair, and transparent processing of personal data
  • Collection of data solely for specified and legitimate purposes
  • Storage of only the minimum data necessary for operations
  • Accuracy and integrity of user data
  • Protection of personal information using strong security measures
  • No unauthorised access, disclosure, or misuse
  • Respect for individual rights regarding personal data

2. Lawful Basis for Processing Personal Data

BIGISO processes personal data based on:

2.1 Contractual Necessity

To create accounts, manage subscriptions, enable login access, provide platform services, and maintain ISO documentation workflows.

2.2 Legitimate Interests

To improve platform features, enhance user experience, ensure system security, detect fraudulent activity, and maintain service continuity.

2.3 Consent

When users explicitly agree to receive communications, marketing updates, or voluntarily provide optional information.

2.4 Legal Obligation

When required to comply with applicable laws, regulations, audits, or legal proceedings.

3. Types of Personal Data Processed

3.1 Personal Identification Data

  • Name
  • Email address
  • Phone number

3.2 Company Information

  • Company name
  • Business details
  • ISO-related documentation and workflows

3.3 System Usage Data

  • Login activity
  • IP addresses
  • Device/browser information
  • Interaction logs

3.4 Subscription & Billing Details (If applicable)

  • Billing contact information
  • Transaction records

We do NOT store credit or debit card numbers.

4. Data Protection Measures

We maintain strong security controls to protect personal data:

  • TLS encryption of all data in transit
  • Password hashing with bcrypt or a comparable modern password-hashing algorithm (passwords are stored only as salted hashes, never encrypted or in plain text)
  • Role-based access permissions
  • Regular backups
  • Audit logs
  • Secure hosting infrastructure
  • Limited internal staff access

No system can be made entirely risk-free; we follow industry-standard best practices to keep the residual risk as low as practicable.

5. Data Subject Rights Under GDPR

Users have the following rights:

5.1 Right to Access

Request a copy of their personal data.

5.2 Right to Rectification

Update or correct inaccurate data.

5.3 Right to Erasure (“Right to be Forgotten”)

Request deletion of personal or organizational data, subject to legal obligations.

5.4 Right to Restrict Processing

Limit the way we use personal data.

5.5 Right to Data Portability

Download/export stored information in a structured format.

5.6 Right to Object

Opt out of non-essential communications, and object to processing based on our legitimate interests.

5.7 Right to Withdraw Consent

Withdraw consent at any time for optional data collection.

To exercise these rights, users may contact:

📩 support@thebigiso.com

6. Data Transfers Outside the EU

BIGISO may use secure third-party hosting providers located outside the EU. When transferring data internationally, we ensure:

  • Transfers only to countries covered by an EU adequacy decision, or otherwise subject to appropriate safeguards
  • EU Standard Contractual Clauses (SCCs) where no adequacy decision applies
  • Compliance with the GDPR rules on international transfers (Chapter V)

7. Data Retention

We retain data only for:

  • The duration of the user’s active subscription
  • Legal and audit requirements
  • Platform functionality

After subscription cancellation:

  • Data is retained for 90 days so that the account can be reactivated
  • After 90 days, data is permanently deleted unless the user has requested an extension or we are legally required to retain it

8. Third-Party Processors

We may use GDPR-compliant third-party providers for:

  • Cloud storage & hosting
  • Payment processing
  • Email delivery
  • Analytics
  • Customer support tools

Each provider acts as a processor on our behalf and is bound by a written data processing agreement that meets the requirements of Article 28 GDPR.

9. Breach Notification

In the unlikely event of a data breach:

  • Affected users will be notified within 72 hours of our becoming aware of the breach
  • The relevant supervisory authority will be notified within 72 hours, as Article 33 GDPR requires, and we will cooperate fully with regulatory authorities
  • Immediate action will be taken to contain the breach, secure affected systems, and mitigate the risk to users

10. Contact Information

For GDPR concerns or data protection requests:

© BIGISO. All rights reserved.