gdpr compliance
GDPR compliance
GDPR
Aivilon is making sure that our customers, partners, and end-users are compliant with the latest General Data Protection Regulation (“GDPR”) that came into effect on May 25, 2018. Processing of personal data according to GDPR rules is crucial to company values and performance. We at Aivilon understand the importance of data protection and take responsibility for managing GDPR compliance.
What is GDPR?
The General Data Protection Regulation (“GDPR”) is a set of regulations that set guidelines for companies that collect and process the personal data of EU citizens.
Who does the GDPR apply to?
The GDPR applies to any company which processes personal data of EU citizens regardless of where the company’s website is based. Personal data is any type of data that relates to an identified or identifiable living individual.
Is Aivilon a controller or processor?
The Data Controller for the personal data processed by Aivilon is the customer, partner, and end-user. Aivilon, as a Data Processor acting on the instructions of the Data Controller under Terms of Service, Privacy Policy, List of Data Subprocessors will subsequently use that personal data.
What data does Aivilon collect?
Aivilon collects contact information, payment information, website tracking such as IP address, duration of visit, etc. Refer to our Privacy Policy for additional information.
Do you involve subprocessors of the personal data?
Aivilon makes a list of all processors used for hosting or other processing of Service data. You can find the updated list of Subprocessors here. DPAs (Data Processing Agreements) are signed with all involved subprocessors.
What is a DPA?
DPA is a data processing agreement. The GDPR requires data controllers to take measures to ensure the protection of the personal data they handle. So DPA is a document to be entered into between the controller and the processor to regulate the data processing. We are ensuring Data Processing Agreements (DPAs) are signed with all involved processors (partners). You may contact us at support@aivilon.com and we send you a copy of our DPA for signing.
How does Aivilon obtain GDPR compliance?
Vendor/Subprocessor audit
All vendors who act as sub-processors for Aivilon data have been reviewed in respect of GDPR rules and entering into DPAs where necessary. Find the list of our subprocessors here.
The right to erasure
Under certain circumstances, a customer, partner, and end-user can ask for their personal data to be deleted. This is also called ‘the Right to be Forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for. To request personal data to be removed, please email us at support@aivilon.com.
Updated DPA
Our DPA has been revised to reflect both regulatory and operational changes related to GDPR.
Updated Privacy Policy
Our Privacy Policy has been revised to explain who we are, how we collect, share, and use Personal Information.
Ongoing steps
-
Aivilon will continually be evaluating and adding new security and privacy functionality to its products.
-
We always consult with internal and external counsel to follow legal clarifications of the GDPR rules and requirements.
-
Aivilon will be performing a security review to ensure compliance with GDPR security requirements and the industry’s best standards.
-
We are creating a guide for internal processes, conduct research on the GDPR security industry’s best practices.