Conviform ensures
conformance to global regulations and industry practices in order to maintain
privacy and security of its customer’s data. All our products provide GDPR-ready
capabilities
to help our customers meet their compliance obligations. Conviform extends these
capabilities
not only to customers in the EU, but to all our customers worldwide. To
strengthen an individual's
rights to privacy, the European Union brought about the General Data Protection
Regulation
or GDPR, fortifying existing directives on data protection. The Regulation
issued by the
European Union applies to businesses processing personal data of European
residents, and
has been in force since 25th May 2018.
Committed to protecting our customers personal data, Conviform is here to
help our customers
understand significance of the GDPR, its requirements and our allegiance to
align with global
standards.
7 Key Principles of the GDPR
The GDPR encourages businesses to be responsible about an individual’s
data. By ensuring
protection and privacy of this data, businesses earn customer trust and they are
likely to
engage better with the business. GDPR provides a framework for businesses to
standardize
and regularize real-world security and privacy needs of an individual's data
used for business
purposes.
The key principles which the GDPR requires businesses to operate on are:
1. Lawful, fair and transparent processing: Emphasizes transparency for all
individuals i.e.
when data is collected, businesses must be clear as to why data is being
collected and what
will it be used for.
2. Purpose limitation: Collect data, only for the purpose you need it for.
That is, data
collected for specific purposes/reasons cannot be further processed in a manner
incompatible
with those purposes/reasons.
3. Data minimization: Ensure data captured is adequate, relevant and
limited. Based on this
principle, organizations must ensure they store minimum amount of data required
for their
purpose.
4. Accurate and up-to-date processing: Data controllers must ensure
information remains accurate,
valid and fit for purpose. To comply, organizations must institute processes and
policies
to address how they maintain data they are processing and storing it.
5. Limitation of storage in a form that permits identification: Have control
over storage
and movement of data within the organization. This includes implementing and
enforcing data
retention policies, and preventing unauthorised movement and storage of data.
6. Confidential and secure: An organization collecting and processing data
is solely responsible
for implementing appropriate security measures to protect the individuals data.
7. Accountability and liability: Organizations must be able to demonstrate
adoption of necessary
steps to protect an individual’s personal data, and be able to pull up every
step within
the GDPR strategy as evidence.
Effective compliance addresses data privacy and security requirements no
matter where your
business is located, or what industry you belong to. At Conviform we optimize
business value
from our products and services by adhering to necessary standards and policies.
Hence, our
cloud ecosystem is capable of providing a robust and scalable structure for safe
processing
of your, and your customer's data. All our products are GDPR compliant and come
with in-built
features that help you meet your compliance needs. GDPR-ready features in all
Conviform products
are made available to all our customers worldwide. This means GDPR recommended
principles
for privacy and security of personal data have been extended to customers even
outside the
EU.
Deliver business value by optimizing service efficiency with secure and scalable systems for collecting, storing and processing data.
Increase customer and partner awareness on regulation requirements, ensuring consistent application of data protection measures.
Drive business performance through continuous improvement, best practices and innovation so that we provide you the best.
Individual Rights, Subject Access, and Communication
Conviform GDPR program thoroughly evaluates how Conviform, both as a data
controller and processor
is placed with its existing procedures for readiness to, provide rights of
individuals under
GDPR and, assist customers in responding to data access requests from
individuals.
Lawful processing Conviform GDPR program emphasizes on transparency of data
processed by establishing
processes that help easily respond to requests from customers wanting to know
what data Spin
360 has about them. Information of what data is collected, stored and processed
can be obtained
from our Privacy Notice
Accountability
Our leaders commit to support and provide guidelines for data protection
compliance through
a framework of standard policies and procedures. Conviform defines metrics for
monitoring
and governing health of the privacy notice which is independently run under the
direct control
of the Management Steering Committee.
Customer's Personal Data with Conviform
Conviform delivers on our customer’s privacy objective by maintaining
processing records of
customer’s data. Periodic and need based Privacy Impact Analysis (PIA) across
data flow and
process maps aids in keeping our program aligned with ever changing business and
technology
landscapes.
Privacy by Design and Default
Programs, projects, and processes at Conviform are aligned to privacy
principles right from
inception of an idea or project, thereby supporting Privacy by Design and
Default principles.
Read more on privacy-ready features of our products here.
Opt out of analytics
As part of Conviform commitment to uphold privacy, Conviform products provide
options to opt
out of analytics. Customers can terminate sharing of data for the purpose of
analytics. Reach
out to your Account Executive for more on enabling the same for your support
account.
Data Hosting
Conviform ensures data is hosted within centers qualified by global IT
standards and regulations.
Providing multiple locations to host data (upon purchase of appropriate plans)
to suit needs
of its customers, Conviform data centers are located in United States, Europe,
India and Australia.
List of sub-processors
Conviform GDPR program ensures any 3rd party vendor/sub-processors is also
accountable for
protection of an individual’s personal data. These obligations are established
by way of
contracts that also include providing sufficient guarantee to implement
appropriate technical
and organisational measures as specified in the Regulation.
