Ansarada and GDPR

The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, with the aim of protecting the rights of EU citizens with respect to the collection, storage, processing, tracking, and use of their personal data. As part of our commitment to our customers, we were ready when the GDPR came into effect, and we have remained compliant ever since.

The protection of our customers and their data (personal or commercial) is something we take very seriously here at Ansarada, and considerable action has been taken to ensure we are up to speed with any new developments as they have arisen. In June 2020, the European Union’s top court invalidated the Privacy Shield, which had previously facilitated data transfers between the EU and the USA. In June 2021, the European Commission released highly anticipated new Standard Contractual Clauses for cross-border data transfers. With every development, we have been ready – and have demonstrated a consistent commitment to the protection of our customers and their data.  

At Ansarada, we adhere to the principles expressly stipulated by the GDPR. All personal data collected by Ansarada shall be:

  • processed lawfully, fairly and in a transparent manner;
  • collected for specified, explicit and legitimate purposes;
  • kept in a form which identifies data subjects for no longer than is necessary;
  • processed in a way that ensures appropriate security;
  • accessible by the data subject, and may be readily deleted if the data subject so wishes.

We are GDPR ready - and always will be

Due to the sensitive nature of the data that passes through our products, security and privacy have always been paramount at Ansarada. While the GDPR imposed certain changes, the requirements did not represent a material change to the processes and safeguards we maintained prior.

With that said, our Product, Marketing, Legal and Compliance teams have all worked together to ensure we continue our existing approach of “Privacy by Design” and apply that to the changing laws for the protection of our customers. Other areas we have addressed, and continue to address, as part of our GDPR compliance include:

  • UX enhancements to our onboarding to ensure users and customers are fully aware of, and opt in to, storing their data with Ansarada.
  • Defining, producing, and implementing clear processes for access to personal information by users and customers.
  • Reviewing our contractual framework, including assessing any third party arrangements we have in place with agencies, contractors and/or suppliers.
  • Auditing and reviews of all systems and software we use to carry out business at Ansarada.

Security & Compliance at Ansarada

We proudly maintain ISO 27001 certification - the gold standard for information security management.

Whilst quite a lot of data that passes through our products does not fall under the scope of GDPR, it is of course confidential information and precious to you, and therefore handled in accordance with our robust security standards. We are applying the same rigorous standards to the privacy of the personal information we process.

We have a documented process for escalation and reporting breaches and continue to invest, improve and report these in line with our ISO 27001 certification requirements.

Secure data management

Ansarada data is hosted on the Amazon Web Services (AWS) platform, whose infrastructure guarantees the following data security:

  • All data is stored and encrypted at rest with 256-bit encryption
  • File level encryption with information rights management policies to track, expire and prevent printing of documents
  • Virtual elimination of risks from Trojan viruses, worms, and application vulnerabilities
  • All data uploaded into the Data Room is encrypted through HTTPS/SSL
  • The Ansarada platform is multi-tenant guaranteeing data segregation that ensures privacy
  • 99.98% system availability

AWS has the following information security certifications to ensure information stored by Ansarada is fully secure:

  • SOC 1/SSAE 3402
  • SOC 2
  • SOC 3
  • FISMA, DIACAP, FedRAMP
  • PCI DSS Level 1
  • ISO 27001
  • ITAR
  • FIPS 140-2

In addition:

Ansarada supports single sign on and multi-factor authentication.

Whilst the European Data Protection Terms that you agree to as part of our Terms of Service do specifically reference the 2021 Standard Contractual Clauses, if you do require a Data Protection Agreement (DPA), or if you would otherwise like to discuss our GDPR status further, please contact our legal and compliance team on the following: [email protected] or our Data Protection Officer, Chris Bullock, on the following: [email protected]

Stay safe with Ansarada

Protect your data and your business with end-to-end information governance.