How is access to personal data is limited to only those employees who require access for the performance of their function – SmartSpace.ai Knowledge Center

Smartspace.ai

SmartSpace.ai Data & Security FAQs

Browse our collection of Data and Information Security questions.

What is the purpose for which third parties will be processing personal data

Which locations will third parties be processing personal data

What are the names of the legal entities who will be processing the personal data

Will any third party be used to process Personal Data under the contract

Do you comply with all applicable local data protection regulations to which you are subject

What lawful basis do you rely on for transferring personal data outside the EEA (e.g., EU Standard Contract Clauses or by being registered with Privacy Shield)

Where will personal data be processed and what processing operations are being carried out from these locations

Does SmartSpace.ai process any personal data outside the EEA

Which countries will personal data will be processed in

Please describe the steps which you have taken to comply with the General Data Protection Regulation (GDPR)

Do you have a Data Protection Officer / is there an individual within your organisation who is responsible for data protection

What systems and procedures do you have in place which allow you to notify us of any data breach

What controls do you have in place to prevent, detect and mitigate the effect of data breaches

How do your systems/processes allow personal data relating to a specified individual to be identified, exported and deleted

What controls do you have in place to enable you to identify and delete data on receipt of a request to do so

How is access to personal data is limited to only those employees who require access for the performance of their function

What training is provided to employees to ensure they are aware of your obligations as a Data Processor under data protection laws

What obligations are your employees and contractors (if applicable) under to maintain the confidentiality of all information provided to them

Is SmartSpace.ai certified to any recognised information security standards (such as ISO 27001) or an approved code of conduct

What processes you have in place for regularly testing and evaluating the effectiveness of your data security measures

What ability you have to restore the availability and access to personal data in the event of an incident

What are the steps you take to ensure the ongoing confidentiality, integrity, availability and resilience of systems which you use to process personal data

What are the technical and organisational measures you take to ensure the security of any personal data

How is access to personal data is limited to only those employees who require access for the performance of their function

Q: How is access to personal data limited to only those employees who require access for the performance of their function?

A: We have policies in place to limit access to personal data to only those employees who need it for their job functions. This includes defining roles and responsibilities, managing identities, and controlling access rights. We also have physical, electronic, and managerial procedures to safeguard and secure personal information from unauthorized access and misuse.

The principle of ‘Least Privilege’ is applied in our organization to authorize access to information resources, including data and the systems that store or process sensitive data.

SmartSpace.ai Knowledge Center

December 2, 2025

ON THIS PAGE

Q: How is access to personal data limited to only those employees who require access for the performance of their function?