Our Commitment to GDPR Readiness
GDPR stands for the General Data Protection Regulation and is effective as of May 25th, 2018. GDPR replaces national privacy and security laws that previously existed within the EU with a single, comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU.
Our policy is to respect all laws that apply to our business and this includes GDPR. We also appreciate that our customers have requirements under GDPR that are directly impacted by their use of Invarosoft products and services. We are committed to helping our customers stay in compliance with GDPR and their local requirements.
Here are a few things that Invarosoft is committed to doing to ensure our compliance with GDPR and that of our customers:
- Where we are transferring data outside of the EU, Invarosoft commits to having the appropriate data transfer mechanisms in place as required by GDPR.
- Invarosoft commits to follow appropriate security measures and precautions in accordance with GDPR.
- Invarosoft will assist with notifying regulators of breaches and promptly communicating any breaches to customers and users.
- We will ensure that employees authorized to process personal data have committed to confidentiality.
- We will hold any sub processors that handle personal data, including our data center partners, to the same data management, security, and privacy practices and standards to which we hold ourselves.
- Invarosoft commits to carrying out data impact assessments and consulting with EU regulators where a data impact assessment indicates a high risk associated with processing without an appropriate mitigating strategy.
- Where appropriate, we will offer contractual language documenting our commitments to our customers to support their GDPR obligations.
- Invarosoft will assist our customers, insofar as possible, to respond to data subject requests our customers may receive under the GDPR.
Invarosoft and GDPR
Invarosoft acts as a data processor for your company data and we’ve mapped out everywhere your data exists and how it moves throughout our systems.
- Privacy. We’ve taken a very deliberate approach to respecting our clients’ privacy. We only collect the data we need at any point to provide the promised services.
- Data Categories. We categorize the data we collect and receive in the following ways for Invarosoft: Account Data, Subscriber Data, Partner Data, Client Data and Ticket Data.
- Invarosoft Company Data is stored by Invarosoft to ensure performance of pages which would ordinarily be unable to serve quickly the data stored in the third-party applications.
- Invarosoft Issue Description & Form Data is only stored for 30 days from the ticket being logged. After 30 days the data is deleted from our systems and a log entry is made in our system of this action. Partners of Invarosoft can request to change the time-frame that Invarosoft deletes this data to a minimum of 48 hours.