Quantic's GDPR Commitment
Protecting Your Data
The European Union General Data Protection Regulation (GDPR) went into effect on May 25, 2018. The GDPR implements requirements for all organizations that handle EU citizens’ personal data, regardless of where the organizations are located. On this page, Quantic explains how we comply with the GDPR.
Complying with the GDPR
The GDPR's requirements are significant and our team works diligently to ensure Quantic is in compliance. Measures to achieve this include:
- Investments in security infrastructure
- Updates to relevant privacy policies and terms
- Ensuring we can support international data transfers
- Changes to our platform to include tools for data management
We continue to monitor the guidance around GDPR compliance and update our platform features and terms.
EU-US Data Privacy Framework Certification
Quantic has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework (DPF) Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF Principles. The DPF Certification process is a voluntary program for US organizations to show that they have adequate data protections in place to meet EU requirements regarding the transfer of personal data outside of their territory.To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
Commitments as a Data Controller
Data controllers are companies that supply goods or services to EU residents, or that track or monitor EU residents and decide why and how data is collected and processed. Data processors are vendors or businesses that process data on behalf of data controllers. As a Data Controller, Quantic is committed to both ensuring our practices are sound within the scope of the GDPR, as well as ensuring we only work with compliant data processors.
In support of this, we have undertaken the following initiatives:
- Information Audit: As part of the GDPR, we have completed a thorough audit of all data collection, data flows, and data processing within Quantic and between us and our cloud vendors.
- Information Asset Register: From our information audit, we have created an information asset register. This allows to ensure we are properly tracking, securing, and when applicable, removing user information across our internal systems.
- Vendor Compliance: We have audited our vendors to ensure they are GDPR compliant.
- Support for Deletion Requests: Quantic has always allowed for users to request deletion of their account and application data. We have implemented additional product messaging to make this feature more widely known.
- Breach Notification Policy: In line with our current policies, Quantic will promptly inform users of any incidents involving user data.
- Lawful Bases Identification: The GDPR allows for a number of lawful bases for processing data. Quantic has documented our bases for data processing and will inform users of changes in the future.
- Product Adjustments: As part of compliance, Quantic will continue to modify the product to ensure we are meeting both regulators' and users' expectations under this law.
The GPDR is a complex law, with many best practices yet to be agreed upon. Quantic is committed to following developments in this area and implementing best practices as they emerge in a timely manner. As a company, we believe the new legal requirements will raise the bar for honoring end users’ rights.