What controls do you have in place to prevent, detect and mitigate the effect of data breaches – SmartSpace.ai Knowledge Center

Smartspace.ai

SmartSpace.ai Data & Security FAQs

Browse our collection of Data and Information Security questions.

What is the purpose for which third parties will be processing personal data

Which locations will third parties be processing personal data

What are the names of the legal entities who will be processing the personal data

Will any third party be used to process Personal Data under the contract

Do you comply with all applicable local data protection regulations to which you are subject

What lawful basis do you rely on for transferring personal data outside the EEA (e.g., EU Standard Contract Clauses or by being registered with Privacy Shield)

Where will personal data be processed and what processing operations are being carried out from these locations

Does SmartSpace.ai process any personal data outside the EEA

Which countries will personal data will be processed in

Please describe the steps which you have taken to comply with the General Data Protection Regulation (GDPR)

Do you have a Data Protection Officer / is there an individual within your organisation who is responsible for data protection

What systems and procedures do you have in place which allow you to notify us of any data breach

What controls do you have in place to prevent, detect and mitigate the effect of data breaches

How do your systems/processes allow personal data relating to a specified individual to be identified, exported and deleted

What controls do you have in place to enable you to identify and delete data on receipt of a request to do so

How is access to personal data is limited to only those employees who require access for the performance of their function

What training is provided to employees to ensure they are aware of your obligations as a Data Processor under data protection laws

What obligations are your employees and contractors (if applicable) under to maintain the confidentiality of all information provided to them

Is SmartSpace.ai certified to any recognised information security standards (such as ISO 27001) or an approved code of conduct

What processes you have in place for regularly testing and evaluating the effectiveness of your data security measures

What ability you have to restore the availability and access to personal data in the event of an incident

What are the steps you take to ensure the ongoing confidentiality, integrity, availability and resilience of systems which you use to process personal data

What are the technical and organisational measures you take to ensure the security of any personal data

What controls do you have in place to prevent, detect and mitigate the effect of data breaches

Q: What controls do you have in place to prevent, detect and mitigate the effect of data breaches?

A: To prevent unauthorized access or disclosure, we have put in place physical, electronic, and managerial procedures. These procedures are designed to safeguard and secure personal information and protect it from misuse, interference, loss, and unauthorized access, modification, and disclosure.

We also have a policy that prohibits IT vendors from accessing our information security assets until a contract containing security controls is agreed to and signed by the appropriate parties. All IT vendors must comply with the security policies defined and derived from our Information Security Program.

In terms of detection, we have controls in place to restrict the use of removable media to authorized personnel. Antivirus and anti-malware tools are deployed on end-point devices (e.g., workstations, laptops, and mobile devices). These tools are configured to automatically receive updates, run scans, and alert appropriate personnel of viruses or malware.

To mitigate the effects of data breaches, we maintain cybersecurity insurance to mitigate the financial impact of business disruptions.

In the event of a breach, we have defined procedures for notifying appropriate parties, including affected individuals and various regulatory bodies. The notification timeframes and procedures are outlined in our Incident Response Plan.

SmartSpace.ai Knowledge Center

December 2, 2025

ON THIS PAGE

Q: What controls do you have in place to prevent, detect and mitigate the effect of data breaches?