Crises Control GDPR Compliance

The General Data Protection Regulation (GDPR) is a sweeping new EU law that went into effect in all EU Member States on May 25, 2018. It mandates how companies can collect, store, delete, modify and otherwise process personal data of EU citizens. It applies to any company that processes personal data of EU citizens, regardless of whether it has any physical presence in the EU, or even whether it has any EU customers. Companies are also required to pass these obligations down to all of their vendors and suppliers who may also handle personal data of EU citizens anywhere in the world. Despite Brexit, the UK is committed to stay compliant with the GDPR.

Under EU law, personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It doesn’t have to be confidential or sensitive to qualify as personal data.

Where we are the processors of your data, our obligation is to ensure that this data is processed lawfully, fairly and transparently as agreed by our clients and to maintain appropriate security controls. Processing here means maintaining the confidentiality, availability, integrity and security of the data, the servers and network where the data is held. Where it is exceptionally necessary to access a client database to investigate a client issue, we will always seek the client’s permission. We work hard to protect Crises Control and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:

• We encrypt many of our services using SSL.
• We offer two factor authentication (2FA) verification when you access your Crises Control Account.
• We use Cloudflare Advance Security to protect and secure the application and APIs against denial-of-service attacks, customer data compromise, and abusive bots.
• We encrypt data whilst at rest.

  We use Cloudflare for fast Global Content Delivery Network, which speeds up web page loading times. Cloudflare are certified under the EU-US and Swiss-US Privacy Shield frameworks for onward transfers of EU data to the United States. (See https://www.cloudflare.com/privacyshield/).

   We have Data Protection Addendum (DPA), which is a contractual agreement in place with Cloudflare to protect our customer’s data to EU- GDPR standards.

• We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.

• We restrict access to personal information to Crises Control employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined, or their contract terminated if they fail to meet these obligations.
• We are ISO 27001, ISO 9001 certified
• We employ certified GDPR practitioners to maintain and improve security standards.

Our Privacy Policy can be found at the bottom of the Crises Control website. Click here to view the Privacy Policy.