Ansarada and GDPR

The European Union’s General Data Protection Regulation went into effect on May 25, 2018, with an aim to protect the rights of EU citizens as it relates to the collection, storing, processing, tracking, and use of the personal data of these citizens.  The United Kingdom followed with the UK General Data Protection Regulation, which went into effect on 1 January 2021.  As part of our commitment to our customers, as well as our commitment to the regulatory system in which we operate, we have continually striven to not only  comply with the above Regulations – we have attempted to apply a gold standard.  

The protection of our customers and their data (personal or commercial) is something we take very seriously here at Ansarada, and considerable action has been taken to ensure we are up to speed with any new developments as they have arisen. In June 2020, the European Union’s top court invalidated the Privacy Shield, which had previously facilitated data transfers between the EU and the USA. In June 2021, the European Commission released highly anticipated new Standard Contractual Clauses for cross-border data transfers.  The operation of the United Kingdom’s regulations continues to evolve.  With every development, we have been ready – and have demonstrated a consistent commitment to the protection of our customers and their data.  

At Ansarada, we adhere to the principles expressly stipulated by the EU and the United Kingdom legislation (collectively, GDPR). All personal data collected by Ansarada shall be:

• processed lawfully, fairly and in a transparent manner;
• collected for specified, explicit and legitimate purposes;
• kept in a form which identifies data subjects for no longer than is necessary;
• processed in a way that ensures appropriate security;
• accessible by the data subject, and may be readily deleted, accessed, or corrected if the data subject so wishes.  
   

We are GDPR ready - and always will be

Due to the sensitive nature of the data that passes through our products, security and privacy have always been paramount at Ansarada. Whilst the GDPR imposed certain changes, the requirements did not represent a material change to the processes and clear safeguards we had previously established.  

With that said, our Product, Marketing, Legal and Compliance teams have all worked together to ensure we continue our existing approach of “Privacy by Design” and apply that to the changing laws for the protection of our customers. Other areas we have, and continue to address as part of our GDPR compliance include:

• UX enhancements to our onboarding, to ensure users and customers are fully aware of, and may actively opt in to storing their data with Ansarada.
• Defining, producing, and implementing clear processes for access to personal information by users and customers.
• Reviewing our contractual framework, including assessing any third-party arrangements we have in place with agencies, contractors and/or suppliers.
• Auditing and reviews of all systems and software we use to carry on business at Ansarada.
   

Security & Compliance at Ansarada

We have proudly maintained ISO 27001 certification since 2009 - the gold standard for information security management.

We apply the same rigorous standards to any data we process and store, regardless of the privacy regime that applies to that data.  We acknowledge the security of your data is of paramount consideration to you, and therefore we have implemented a ‘first-in-class’ privacy and security program that utilises the most robust technology and standards available.    

We have also developed and implemented documented processes for escalating and reporting breaches, and continue to invest upon, and improve these in line with our ISO 27001 certification requirements, and in line with best practice.  
 

Secure data management

Ansarada data is hosted on the Amazon Web Services (AWS) platform, whose infrastructure guarantees the following data security:

• Storage and encryption of all data at rest with 256-bit encryption.
• File level encryption with information rights management policies to track, expire and prevent printing of documents.
• Virtual elimination of risks from Trojan viruses, worms, and application vulnerabilities.
• Encryption of data uploaded through HTTPS/SSL.
• The Ansarada platform is multi-tenant guaranteeing data segregation that ensures privacy
• 99.98% system availability.

AWS holds the following information security certifications, so as to ensure information processing and storage by Ansarada  occurs pursuant to ‘first in class’ standards: 

• SOC 1/SSAE 3402
• SOC2
• SOC 3
• FISMA, DIACAP, FedRAMP
• PCI DSS Level 1
• ISO 27001
• ITAR
• FIPS 140-2

In addition:

Ansarada supports single sign on and multi-factor authentication.

Whilst any European / United Kingdom Data Protection Terms that you agree to as part of our Terms of Service do specifically reference the most in date Standard Contractual Clauses, if you do require a Data Protection Agreement (DPA) or if you would otherwise like to discuss our GDPR status further, please contact our legal and compliance team on the following: [email protected].  Alternatively, you are welcome to discuss any concerns directly with our Data Protection Officer, Chris Bullock, on the following: [email protected]