GDPR & Data Processing Information
Accredible takes data privacy extremely seriously. We're handling personally identifiable information on your behalf and we do everything we can to protect that data.
We've worked hard to ensure that comply with the EU General Data Protection Regulation (GDPR).
In the context of Accredible’s services, you as the customer determine the purpose and means of processing of personal data and are therefore the “data controller” under the EU Directive. Accredible, as the entity which processes personal data on behalf of, and at the direction of, the data controller, is the “data processor.”
For information relating to data privacy for your recipients, please read: Data Privacy and Right to be Forgotten
What Is GDPR?
On May 25, 2018, the General Data Protection Regulation (GDPR) officially took effect. For European individuals, GDPR expands their data privacy rights and gives them more power to control their data. For companies that process the personal data of these European individuals, GDPR requires compliance with a new set of regulations.
GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that European individuals can exercise with these companies. Further information on GDPR is available on the European Union’s official website: https://ec.europa.eu/info/law/law-topic/data-protection_en.
Data Processing Agreement
We offer a Data Processing Agreement (DPA) as part of our terms and conditions. DPAs include standard contractual clauses ("Model Clauses") that are the mechanism for GDPR-compliant data transfer. The DPA includes all the information on:
- What we do to protect your data.
- What we're allowed to do with your data.
- Who we share your data with to provide our service (e.g. our hosting provider).
Read the DPA here: https://www.accredible.com/dpa/
Features To Support GDPR Requirements
Accredible can help you meet your data portability requirements for GDPR. You can easily export data from your account and you can submit a request to remove data at any time.
Accredible & Third Parties
Accredible works with a small number of organizations to provide service to customers. These sub-processors:
- Provide communication tools enabling Accredible to email our customers or
respond to our customers’ support requests or the requests of our customers
- Provide hosting and backup solutions as part of Accredible’s services.
Accredible maintains contractual safeguards to ensure that relevant industry
standard data protection mechanisms are maintained for these subcontractors.
Our agreements clearly state that we're not able to share your data with any third party that's not bound by our data privacy agreement and that isn't named on our data privacy agreement.
We've formed contractual relationships with our suppliers to ensure full legal and process protection for your data in accordance with EU privacy law.
Data is stored at a location hosted by AWS, which is a secure tier 3 SOC 2-certified
data center. All data is hosted within the US.