In May 2018, the EU General Data Protection Regulation (GDPR) replaced the existing 1995 EU Data Protection Directive (European Directive 95/46/EC). We are committed to safeguarding your privacy and ensuring data protection. We do not collect and/or process users’ personal information beyond what is required for the functioning of our applications, technology platform and services.
Elemica currently complies with applicable data protection regulations and is committed to GDPR compliance across its relevant services. Elemica has a dedicated internal team made up of cross-functional stakeholders overseeing Elemica’s GDPR readiness. Elemica’s ongoing compliance efforts include:
Reviewing where and how our relevant services collect, use, store and dispose of personal data and updating policies, standards, governance and documentation as needed.
Working in conjunction with our partners and customers, Elemica is reviewing our contractual commitments and updating as needed to directly address GDPR requirements. Elemica has released a Data Processing Addendum (DPA) with provisions to assist our partners and customers with their GDPR compliance; our DPA is available by emailing our legal department at Elemicalegal@elemica.com. Elemica has also reviewed its existing supplier contracts to ensure GDPR compliance throughout its supply chain and will continue to conduct due diligence as new suppliers are onboarded.
In addition to ensuring Elemica’s contractual commitments meet the requirements to legally transfer data from the EU to the rest of the world under applicable law.
All Elemica employees must complete data privacy and security training which includes GDPR-specific content. In addition to these training requirements, Elemica conducts ongoing awareness initiatives on a variety of topics, including data protection, security and privacy.
Compliance with the GDPR requires a partnership between Elemica and our partners and customers in their use of applicable Elemica services. In this context, Elemica generally will act as a data processor and our partners and customers generally will act as data controllers. Working together, we hope to explore opportunities within our relevant service offerings to assist our partners and customers in meeting their GDPR obligations. In the meantime, Elemica encourages partners and customers to independently familiarize themselves with the GDPR.
We have reviewed the portability and transferability of data and found that none of our applications store unique end-user content or data that end users do not already possess.
We have enhanced data integrity and security, streamlining the processes and procedures for our cloud applications by implementing these data security actions:
• Encrypt, anonymize or delete user data.
• Perform data audits or assessments.
• Provide access controls.
• Identify personal data being collected or stored. Our applications have different levels of personal data collection, usage, storage and disposal. We have defined the purview of personal data for each of these applications and documented the various sources of data to provide a roadmap for compliance.
• Assess any third parties to whom we disclose personal data.
• Establish procedures to respond to data subjects when they exercise their rights.
• Create processes for data breach notification.