The Crises Control commitment to GDPR compliance
Crises Control and its platforms are GDPR compliant. Its security framework is governed by the ISO/IEC 27001:2013 Information Security Standard and utilises the comprehensive set of security requirements and controls within the General Data Protection Regulation in the UK and EEC.
Our security and data privacy controls and procedures are certified by an accredited third-party audit firm under the internationally recognised ISO/IEC 27001:2013 standard.
We continue to monitor updates to GDPR compliance requirements in order to ensure that we remain compliant. Every new product update or service is evaluated for the impact it could have on user personal data.
Crises Control Privacy Policy
Our Privacy Policy is a transparent document setting out how we at Crises Control manage data.
The Privacy Policy includes:
- Disclosure of our information handling processes
- Identification of data subject access rights
- Documentation of data flows and records of processing activity
- Commitment to addendums with any vendors who process personal information on our behalf
Cloud Security
The Crises Control platform is hosted entirely in the cloud. As such, we have taken steps to ensure the security of our systems in the cloud.
Crises Control measures for information security
- Cloud-based systems are hosted in secure EEC-based data centres
- Data at rest is encrypted
- Data in transit is secured by SSL
- Controls are placed on the visibility of Personal Identification Information (PII)
- An all-round, holistic approach to information security standards, including ISO 27001
Crises Control GDPR resources
Data Processing Addendum
If you are a data controller under the GDPR and require a data processing addendum (DPA) in place with Crises Control, send us your DPA agreement, or contact us at [email protected] for our standard DPA document.
Contact us
If you have any questions about our GDPR compliance, Privacy Policy, Cookies Policy, Terms of Use, End User Licence Agreement, or Acceptable Use Policy, feel free to contact us.
- Data Protection, Crises Control Limited, 19 Heather Park Drive, Wembley, London HA0 1SS
- [email protected]
- +44 (0)208 584 4385
FAQs
About GDPR
The General Data Protection Regulation (GDPR) is a sweeping new EU law that went into effect in all EU Member States on May 25, 2018. It mandates how companies can collect, store, delete, modify and otherwise process personal data of EU citizens. It applies to any company that processes personal data of EU citizens, regardless of whether it has any physical presence in the EU, or even whether it has any EU customers. Companies are also required to pass these obligations down to all of their vendors and suppliers who may also handle personal data of EU citizens anywhere in the world. Despite Brexit, the UK is committed to staying compliant with the GDPR.
Under EU law, personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. It doesn’t have to be confidential or sensitive to qualify as personal data.
Where we are the processors of your data, our obligation is to ensure that this data is processed lawfully, fairly and transparently as agreed by our clients and to maintain appropriate security controls. Processing here means maintaining the confidentiality, availability, integrity and security of the data, the servers and network where the data is held. Where it is exceptionally necessary to access a client database to investigate a client issue, we will always seek the client’s permission. We work hard to protect Crises Control and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:
- We encrypt many of our services using SSL.
- We offer two-factor authentication (2FA) when you access your Crises Control Account.
- We use Cloudflare Advance Security to protect and secure the application and APIs against denial-of-service attacks, customer data compromise, and abusive bots.
- We encrypt data whilst at rest.
We use Cloudflare's global content delivery network (CDN), which speeds up web page loading times. Cloudflare are certified under the EU-US and Swiss-US Privacy Shield frameworks for onward transfers of EU data to the United States (see https://www.cloudflare.com/privacyshield/).
We have a Data Protection Addendum (DPA), a contractual agreement, in place with Cloudflare to protect our customers' data to EU GDPR standards.
We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
- We restrict access to personal information to Crises Control employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined, or their contract terminated, if they fail to meet these obligations.
- We are ISO 27001 and ISO 9001 certified.
- We employ certified GDPR practitioners to maintain and improve security standards.
Our Privacy Policy can be found at the bottom of the Crises Control website.