The Crises Control commitment to GDPR compliance
At Crises Control we have taken steps to ensure that our policies, processes, and procedures meet GDPR Compliance requirements.
All Crises Control products are GDPR compliant, and we will continue to monitor updates to GDPR Compliance requirements in order to ensure that they remain so. Every new product or service is evaluated for the impact it could have on user personal data. Employees receive training about protecting the privacy of personal information.
The Crises Control platform is hosted entirely in the cloud. As such, we have taken steps to ensure the security of our systems in the cloud.
Crises Control GDPR resources
Data Processing Addendum
If you are a data controller under the GDPR and require a data processing addendum (DPA) in place with Crises Control, send us your DPA agreement, or contact us at [email protected] for our standard DPA document.
FAQs - About GDPR
The General Data Protection Regulation (GDPR) is a sweeping new EU law that went into effect in all EU Member States on May 25, 2018. It mandates how companies can collect, store, delete, modify and otherwise process personal data of EU citizens. It applies to any company that processes personal data of EU citizens, regardless of whether it has any physical presence in the EU, or even whether it has any EU customers. Companies are also required to pass these obligations down to all of their vendors and suppliers who may also handle personal data of EU citizens anywhere in the world. Despite Brexit, the UK is committed to staying compliant with the GDPR.
Under EU law, personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It doesn’t have to be confidential or sensitive to qualify as personal data.
Where we are the processors of your data, our obligation is to ensure that this data is processed lawfully, fairly and transparently as agreed by our clients and to maintain appropriate security controls. Processing here means maintaining the confidentiality, availability, integrity and security of the data, the servers and network where the data is held. Where it is exceptionally necessary to access a client database to investigate a client issue, we will always seek the client’s permission. We work hard to protect Crises Control and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:
- We encrypt many of our services using SSL.
- We offer two-factor authentication (2FA) when you access your Crises Control Account.
- We use Cloudflare Advance Security to protect and secure the application and APIs against denial-of-service attacks, customer data compromise, and abusive bots.
- We encrypt data whilst at rest.
We use Cloudflare as a fast global Content Delivery Network, which speeds up web page loading times. Cloudflare are certified under the EU-US and Swiss-US Privacy Shield frameworks for onward transfers of EU data to the United States (see https://www.cloudflare.com/privacyshield/).
We have a Data Protection Addendum (DPA), a contractual agreement, in place with Cloudflare to protect our customers' data to EU GDPR standards.
We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
- We restrict access to personal information to Crises Control employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined, or their contract terminated, if they fail to meet these obligations.
- We are ISO 27001 and ISO 9001 certified.
- We employ certified GDPR practitioners to maintain and improve security standards.