PROGRAMS for REFRIGERATION & AIR CONDITIONING PROFESSIONALS by MISTRAL
EU GDPR 2018 (General Data Protection Regulation). française
Page 1: Project purpose.
Page 2: Data Collection.
Page 3: Scope and contents of modus operandi.
Page 4: Objectives and brief history.
Page 5: Risk Assessment.
Page 6: Measures to reduce risk.
Page 7: Perceived risk through third parties.
General DPIA Project Statement
(Data Protection Impact Assessment)
DPIA page 1
1) Collection of data for purpose of identifying eligibility for named individuals employed in organisations meeting target market of both existing and prospective customers to be provided with access to commercially sensitive proprietary product data.2) Collection of data for purpose of reducing risk of highly valuable intellectual property being hacked, backwards engineered or obtained by unauthorised parties for uses detrimental to the vested commercial and financial interests of both the software developers and also those interests of the contractual clients of the software developers.
Self contained technical Application Engineering software compendium designed to calculate mechanical engineering installation parameters for matching to proprietary dynamic selection data for manufactured mechanical devices.
Identification of suitably qualified individuals for eligibility for free access to described software compendium for time limited periods of up to one year.
Providing a means for ensuring targetted recipients of described software compendium are adequately protected against access to obsolete proprietary data as and when it is related to manufactured engineering products that are withdrawn from commercial sale or which is substantially altered in its technical selection criteria.
Providing a means for ensuring targetted recipients of described software compendium are adequately protected against use of software that might subsequently be found after installation to require upgrading or updating in order to meet issues presented by the user's computer Operating System or by the advent of malicious software dispersed by malevolent third parties.
It has been determined by the developers in collaboration with the developer's software project partners (Sponsors) that as a minimum the following data needs to be collected and retained in a digital data recovery system for specific periods of time and which time is related to documented contractual agreements drawn up between the developers and their software project partners (Sponsors).
1) Full name of intended software installer.
2) Legally registered name of organisation (if any) for whom the intended software installer is employed.
3) Geographic location and country of intended software installer.
4) Email address of intended software installer.
5) Time period by calendar date for which access to the intellectual property resource along with any interactive proprietary data will be provided for the intended software installer.
6) Unique software Access Registration Code required for purposes of configuring the described software compendium for purposes of meeting local installation and Operating System requirements at time of installation and for setting of date set access time limit.
DPIA page 2
The data will be collected through voluntary completion of Internet website based software download request forms where the nature of the software is described along with the purpose for the collection of the user's input data, how such data will be used, what parties will have access to such data and for how long it will be retained.
All such data as retained by the developers (if all or any) will not be stored in any digital data retrieval system that is connected to the Internet. All such data (if all or any) will be migrated to stand alone computers and which require password access only by senior, authorised officers of the developer.
At the termination of a period of contractual agreement with a client of the software developer the related collected data will be irretrievably deleted from the stand alone computer, including any data held on any stand alone security backup computer.
Data will be shared with contractual clients of the software developers strictly associated with that collected against individual contractual clients' on-line download request forms and which forms are hosted solely by the developers on behalf of individual contractual clients (Sponsors).
Data will be collected each time a visitor visits a download request page and completes and submits the request form. This may occur just once in any one contractual agreement period and which will never exceed one calendar year. However downloaders may return to a download request page to submit a fresh request at any time. Either because the user wishes to update or upgrade their current installation due to a commercial interest in keeping their installation up to date or upon the advice of either the developers or the contractual clients of the software developer. Unlike Microsoft Corporation neither the developers nor the contractual clients of the software developer force a user to upgrade or update whether they wish to or not!
The 'target' recipient audience for the intellectual property are suitably qualified and authorised professional individuals working in or closely associated with the world's industrial and commercial refrigeration industry (generally responsible for providing safe food for consumption by the world's population) and for the world's suitably qualified and authorised professional individuals working in or closely associated with the world's industrial and commercial air conditioning industry. Geographic location is 'Whole of World', with the exception of The People's Republic of China and associated territories, wherein the developers consider the security risks of providing access to highly valuable digital intellectual property are unacceptably too high.
All data voluntarily submitted through the developer's Internet web site hosted software download forms are informed that their data will be used solely for the purpose as stated on the download request forms and will not under any circumstances be passed to any other third party.
In any event no personally sensitive information is requested. No questions relating to requester's lifestyle choices, financial or banking or credit details, physical, gender, age, marital status, formal qualifications, precise location address, criminal record, health, race, religion, politics, employment history are asked, sought, collected or retained.
Furthermore, no data is collected or stored against any user to either website pages or to computer programs in connection with keystroke patterns, visit history or patterns of software operation. Any suggestions or instructions presented to visitors and to program users are generated as a necessary, logical function of operation and for obtaining appropriate program results or advice for users and are made in good faith and also made totally anonymously. No such data as described in this paragraph is passed to any third party or stored in any data retrieval system, including the Cloud.
The intended effect on individuals is solely to provide them safely and securely with a means to perform their work more efficiently, more accurately, more easily, more reliably, more professionally, more likely to meet legislative requirements and faster. Thus encouraging them to purchase legally distributed engineered products in common usage throughout the world and which are manufactured for sale and for profit by the individual contractual clients who fund the software developer's software product. All without unlawful inducement, cohersion or monopolistic software manipulation tactics.
The benefit for the developers is to fulfill a legal objective in meeting the development and ongoing maintenance costs of advanced Expert System software products; ultimately returning a profit return upon investors financing of the software developer's organisation.
DPIA page 3
The scope and contents of the developer's modus operandi are openly declared within the developer's Internet website and which is currently ranked in the world's top 10% of most visited. Along with the contents of this DPIA recommended document the developer's modus operandi and its thirty five year trading history, uninterrupted in providing its declared market are frequently discussed with its core financial supporters and contributors. Namely contractually agreed Sponsors and essential independent third party software development consultants.
The developers consider its own continuous and ongoing research into IT security, along with complying with Microsoft Corporation's 'Code Signing' security system and the developer's strictly adhered to policy of no deviation from its modus operandi are sufficient in meeting the developer's IT security needs and those of the developer's clients and software system users.
Additionally the developers refer to and maintain their own documented, proven and published Quality Assurance procedures. The developers are managed by a team comprising individuals all of whom possess formal qualifications and considerable experience in business practice, finance and banking, industry related engineering, sales and marketing and Information Technology.
The developers also provides expert IT security advice to others.
DPIA page 4
The developers are a legally registered business entity with a declared, publicly stated, sole objective of developing and providing specific Expert System software to its targetted market place. The developer's published modus operandi prohibits any deviation.
The process of supplying the developer's products to its target market place are the ONLY viable way of doing so.
All processes involved are of the highest quality, are well proven to be secure and reliable and the developer's user pre and post product installation support is unquestionably infallible.
The developer's thirty five year success rate in providing the highest quality application engineering software for the industry it serves is 100%.
The developer's QA records show zero failure to provide users with stated product definition and to date have never been asked to provide any refund or restoration under stated warranty or published guarantee statements.
All user's of the developer's products are provided with full, transparent and immediate access to both local product contained and also on-line support through series of simple to access, multi-lingual help and advice pages. Additionally all users, howsoever they obtained access to the developer's intellectual property, whether a direct fee paying client or via third party provided access through a Sponsor, are freely able to contact the developers independently through easy to find provided contact information.
The developer's operate a business run by professionals and therefore 'Function creep' does not occur.
Transfer of data across international borders only occurs following specific and detailed consultation between all involved parties and which is subsequently documented and retained.
All individual contractual clients (Sponsors) of the developers are made aware of the auspices of and their obligations under the EC General Data Protection Regulations 2018 and also the UK Computer Misuse Act 1990, both through the developer's own on-line published information and also during individual negotiations with authorised officers of individual contractual clients (Sponsors).
The developers demand and expect that their contractual clients will meet the auspicies of and comply with the EU GDPR 2018. However the developers state that they cannot and will not be held responsible for, or liable for, any damages, loss of income or defamation to any party, whether caused accidentally or intentially, by any failure of their contractual clients to do so.
DPIA page 5
Source of risk and nature of potential impact on individuals. Include associated compliance and corporate risks as necessary.
Likelihood of harm: Remote.
Severity of harm: Minimal.
Overall risk: Low.
DPIA page 6
Measures to reduce risk.
No additional risks identified.
The developer's modus operandi and documented and maintained QA systems procedures are deemed adequate to protect the security interests of the developer's clients and users.
This situation is under constant review at regularly set intervals by the developer's officers.
No user's collected data is stored in any data retrieval system that is connected to the world-wide web.
The developers do not maintain any account with any Social Media providers such as Facebook, Twitter or WhatsApp or any of their contemporaries nor has any intention of ever doing so.
The developers do not maintain any email account with either Google or Microsoft Corporation or any other organisation where a history of personal data security breaches has occured in the past.
DPIA page 7 (Amendment and additional page - 17 October 2020)
Perceived risk of data disclosure through third parties.
Mistral Associates trades with the essential contractually retained services of banks and escrow partners. Without whose financial services Mistral Associates would be technically unable to provide its products and services through its on-line Internet platform.
Mistral Associates however neither collects nor is even made aware of its customers' bank account or credit card or debit card details. Additionally Mistral Associates does not retain any customer details, including company name, staff names, geographical location address, telephone numbers, Email address, account or transaction value or trading history on any computer or digital data storage device that is connected to the Internet.
However, it is not unreasonable to assume that Mistral's banks and escrow partners do essentially retain such sensitive data. It would be impossible for them to conduct their operations without doing so. Mistral Associates formally disassociates itself from any liability in the event of any security issue arising from illegal use, by any means, of such data as collected and possibly retained by the banks and escrow partners whose services it contractually retains.
Mistral will formally request details of what provisions its contractually retained banks and escrow partners have made and have published and declare that Mistral Associates intend to provide links on these pages as to where this information is made available for public inspection.
This DPIA will be kept under review by: Chris Smith Managing Director Mistral Associates
This DPIA statement created: 30 November 2019.
First review and amendment: 1 January 2020.
Second review and amendment: 17 October 2020.
Third review with no amendment: 1 January 2021.