Holly Social – a whitelabel social media scheduler

GDPR Compliance

Statement for our customers

The General Data Protection regulation (GDPR) came into force on the 25th of May 2018. Holly Social Limited believes that privacy is a very important right and wishes to assure all the company’s customers that we work hard on ensuring compliance in all areas of the company.

Within this statement we wanted to highlight the measures we have put in place to ensure compliance with GDPR where we hold or process personal data on your behalf.

View our GDPR procedures »View our Privacy Policy »

Customer contacts


To adhere to the GDPR requirement that a data controller must appoint the processor in the form of binding written agreement, with the personal data processed (including the activities of any sub- processors) only on documented instructions from the controller or the requirements of EU law or the national laws of Member States, we will be reviewing with our customers all our agreements to ensure compliance. This will ensure that relevant wordings are in place to cover aspects such as cover the duration, nature and purpose of the processing, the types of data processed and the obligations and rights of the controller. It will also, where applicable, cover cross border transfers and the use of any sub processors.

Security and business continuity measures


Holly Social Limited continually seeks to ensure the confidentiality, integrity and availability of the personal data we store or process. We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access.

In demonstration of this, we have processes compliant with the following standards:

  • ISO 9001:2015 certification for Quality Management Systems
  • ISO27001:2013 certification for Information Security Management Systems
  • PCI-DSS Version 3 certification for handling payment card data
  • BS EN 15713:2009 compliance for Secure destruction of confidential material
  • Bcrypt for encryption

Data breaches


Under the GDPR, we must notify any data breach to the ICO within 72 hours of discovering the breach. Holly Social Limited therefore has processes and procedures in place for identifying, reviewing and promptly reporting data breaches to the ICO.

We would provide the controller with:

  • A description of the nature of the breach
  • Contact details of the responsible person within the company
  • Likely consequences of the breach
  • Proposed and imposed measures that were taken to limit harmful effects

We would stress again that we have comprehensive technical and organisational security measures in place to mitigate against a data breach.

Authorised users may view our procedures for identifying, preventing and reporting data breaches.

Data subject rights


Under the GDPR there are significant enhancements to the rights that individuals enjoy with regards their personal data. Holly Social Limited can work with customers for whom we hold or process personal data in order to determine how best to facilitate:

  • Handling Data Subject Access Requests Rectification of personal data
  • The application of retention periods and the secure erasure / destruction of personal data
  • Responding to data portability requests, providing it in a structured, commonly used and machine-readable format

Statement released: Thursday May 10th 2018

Last updated: Tuesday May 15th 2018