Data Protection and Security

    Last updated: 18th February 2026

    OLT ERP Limited is committed to maintaining the highest standards of data protection, privacy, and information security. We design and operate our systems in accordance with UK GDPR, the Data Protection Act 2018, and recognised information security best practices.

    1. Our Commitment

    We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. Our systems are designed with security and privacy by design and by default.

    2. Roles and Responsibilities

    OLT ERP Limited acts as:

    • Data Controller for personal data collected via our website.
    • Data Processor when providing software services such as Eudemonic AI or Student Information Systems to institutional clients.

    Institutional clients remain the Data Controller for their data.

    3. Secure Hosting Infrastructure

    Our systems operate on secure cloud infrastructure with enterprise-grade protections including:

    • Secure data centres
    • Network security controls
    • Infrastructure monitoring
    • Physical and environmental security

    Data is hosted within the United Kingdom or European Economic Area (EEA), unless otherwise agreed.

    4. Technical Security Measures

    • HTTPS encryption for all communications
    • Access control and authentication
    • Role-based access permissions
    • Secure password and authentication controls
    • System monitoring and logging
    • Regular software updates and patching

    5. Organisational Security Measures

    • Restricted access to authorised personnel only
    • Confidentiality obligations
    • Security awareness practices
    • Controlled access to systems and data

    6. Data Processing and Confidentiality

    OLT ERP Limited processes institutional data only under documented instructions from institutional clients, in accordance with applicable Data Processing Agreements and UK GDPR requirements.

    7. Incident Response

    We maintain procedures to identify, investigate, and respond to security incidents. If a personal data breach occurs, we will notify affected clients without undue delay in accordance with legal requirements.

    8. Data Minimisation and Access Control

    We collect and process only the minimum data necessary for defined purposes. Access to data is restricted based on role and operational requirements.

    9. Data Retention and Deletion

    Data is retained only for as long as necessary to fulfil operational or contractual requirements. Secure deletion procedures are applied when data is no longer required.

    10. Compliance and Governance

    OLT ERP Limited operates in alignment with:

    • UK GDPR
    • Data Protection Act 2018
    • Information Commissioner’s Office (ICO) guidance
    • Institutional data protection requirements

    11. Contact

    For security or data protection enquiries:
    Email: ceo@olterp.co.uk