Skip to main content

GDPR Statement – Millersoft Ltd

Effective Date: 21 April 2025
Last Updated: 21 April 2025

Millersoft Ltd is committed to ensuring the protection and privacy of all personal data processed on behalf of our clients. As a provider of Software-as-a-Service (SaaS) and related development and integration services, we often act as a data processor under the UK General Data Protection Regulation (UK GDPR) and EU GDPR, where our clients act as the data controllers.

1. Our Role as a Data Processor

When providing software and technical services (e.g., Sheetloom, integrations, hosting support), Millersoft Ltd processes personal data solely on behalf of our clients and in accordance with their documented instructions.

We do not determine the purposes or means of processing. Instead, we act under the lawful authority and written direction of the client (the controller).

2. Our Data Processing Commitments

In our capacity as a processor, Millersoft Ltd agrees to:

  • Process personal data only on the written instructions of the controller;
  • Ensure that all personnel handling personal data are bound by confidentiality obligations;
  • Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk;
  • Assist the controller in fulfilling data subject rights (such as access, correction, deletion) when feasible;
  • Assist in meeting obligations under Articles 32–36 of the GDPR (e.g., security, breach notification, DPIAs);
  • Delete or return all personal data at the end of the contract, unless retention is required by law;
  • Maintain a record of processing activities when required by law;
  • Provide access to relevant information to demonstrate compliance and allow for audits or inspections;
  • Notify the controller without undue delay upon becoming aware of a personal data breach.

3. Sub-Processors

Millersoft may engage sub-processors (e.g., hosting or cloud infrastructure providers) to fulfil aspects of its services. We ensure that:

  • Sub-processors are contractually bound to comply with equivalent data protection obligations;
  • A list of sub-processors is available upon request;
  • Clients are notified of changes to sub-processors, with the opportunity to object when appropriate.

4. International Transfers

Where we or our sub-processors transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO;
  • Other approved mechanisms under applicable data protection law.

5. Contact and Questions

For questions about how Millersoft Ltd processes personal data on behalf of its clients or to request a copy of our standard Data Processing Agreement (DPA), please contact:

Data Protection Officer
Millersoft Ltd
Stuart House, Eskmills, Musselburgh, EH21 7PB