Call: +353-8183 700 60

General Data Protection Regulation (EU GDPR)

General Data Protection Regulation

General Data Protection Regulation (EU GDPR)

The European Union General Data Protection Regulation (EU GDPR) aims to regulate the collection, processing, storage, deletion, transfer, and use of personal data of EU residents. Any company handling EU personal data will have to comply with the new rules.

 

We do not provide legal advice and this content is not intended to provide, and should not be considered as legal advice. On 25 May 2018, the European data protection legislation was enforced (European Union’s (EU’s) General Data Protection Regulation (GDPR)) and has replaced the 1995 European Union Data Protection Directive.

 

This new policy aims to put EU residents in control of their personal and sensitive data. The GDPR regulates how data is collected, processed, stored, deleted, transferred, and used. We are obligated to comply with the regulation. As a data processor, we are committed to maintaining the privacy and confidentiality of your data entrusted to us. Your personal data is encrypted at rest and during transmission. We have also implemented several security controls to protect personal data and the physical locations in which it is hosted. All data is kept in Germany - location facilities maintain ISO 27001 certifications.

 

To enhance our security measures, a state of the art automation tool has been built to ensure system integrity at the application level.

 

CERTIFICATIONS AND COMPLIANCE

As a data processor, Cetbix is committed to maintaining the confidentiality, integrity and the privacy of the personal data entrusted to us. We have a documented Information Security Program describing how technical and administrative security controls are implemented to protect personal data and the physical locations in which it is hosted. Data is kept in European co-location facilities maintain ISO 27001 certifications. Access controls mechanisms are established for physical and logical access to the facilities and the infrastructure hosting the services.

 

All physical and logical access is logged and analyzed for inappropriate access. Physical security controls for the facilities hosting the services include 24x7 on-site security, local and remote security and environmental monitoring, and redundant power and environmental controls. Physical and logical access authentication for Proofpoint personnel is performed using two-factor authentication and is granted based on the employee’s role. We have built a state of the art automation tools, designed to ensure system integrity at the application level.

 

A highly trained team of security professionals is responsible for documenting and deploying security controls. A separate team is responsible for performing Continuous Monitoring to ensure that these controls remain effective and in-place. The infrastructure hosting the SaaS services is actively monitored with agents collecting hundreds of metrics specific to hardware, networking, and the OS. These metrics are compared against well-established baselines. Alerts are automatically generated when thresholds are crossed and escalation schemes are systematically enforced so that potential issues are addressed in a timely manner. Operations personnel are available 24 hours a day, 7 days a week to respond to any infrastructure issues.

 

DATA PROCESSING AGREEMENTS / MODEL CLAUSES (SCCs)

Cetbix enters into GDPR data processing agreements, which incorporate the 1995 EU Data Protection Directive’s Standard Contractual Clauses(also known as Model Clauses), with customers.

 

OUR COMMITMENT

The Cetbix is committed to providing GDPR compliant services to our customers. Our product is designed with data security in mind and already have many GDPR compliant features built in.

For collecting data covered by The General Data Protection Regulation (GDPR) the Data Controller is Steven Furnell.

Please read the following privacy:

Cookie Policy

Data Privacy

Terms and Conditions