The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a European data protection regulation that went into effect on May 25th, 2018. With it comes a new set of digital rights for EU citizens, and organizations around the world which are doing business with the EU who are obligated to ensure their organizational and operational processes and procedures are fully compliant.
Apptimize takes data privacy and data security very seriously, and has taken the following steps to ensure GDPR compliance:
Privacy by Default: By default Apptimize collects no Personal Data or Personally Identifiable Information. Data collected by Apptimize undergoes various forms of pseudonymisation which further strengthens data security and end user privacy.
Information Security Team: Apptimize has established an Information Security Team and has appointed a Data Protection Officer to be involved in all issues related to the protection of personal data, and to monitor compliance with the GDPR and any new regulations that may impact data privacy and security.
Training: Apptimize conducts regular organization-wide training educating employees on data privacy / protection policies and best practices. Additionally, more in-depth trainings for employees who are involved in the processing of data are conducted.
Records of Processing: As a data Processor Apptimize maintains records of all processing activities carried out on behalf of our customers (Controllers).
Right to be Forgotten: Apptimize respects the right to be forgotten and will delete or retrieve data associated with any given user identified upon customer request.
Disaster Planning and Security Policies: Apptimize has documented and validated disaster recovery, risk management, information security, and security development policies.
Legal: Apptimize contractually stands by its privacy policies, and has a Data Processing Addendum (DPA) to address all legal aspects of the GDPR.
Disable Functionality: Apptimize provides the capability to disable all functionality for users on a user-by-user basis. This will allows our customers (data controllers) to comply with customer requests individually.