CUBE GDPR Information Center
On May 25th, 2018 the EU General Data Protection Regulation (GDPR) entered into force in the European Union. To answer any GDPR-related inquiries, we have created CodeTwo GDPR Information Center – a place where you can find all information about CodeTwo and the GDPR.
Privacy and security of your personal data
In CodeTwo, we care deeply about the privacy and security of your personal data. While processing personal data, we are always bound by these principles:
- we do not collect more information than it is necessary;
- we do not use your data for purposes other than those specified in Privacy Policy;
- we do not keep your data if it is no longer needed;
- we do not disclose your data in cases other than those specified in Privacy Policy.
We are also committed to providing our clients with solutions that make it easier for them to comply with GDPR.
How has CUBE ensured GDPR compliance?
CUBE has engaged external advisors to make sure that its operations and processes meet the requirements of the GDPR. CUBE has undertaken the following actions to comply with the GDPR:
1. Defining the context of organization
CUBE has carefully analyzed the context in which it operates and identified relevant entities and their roles within personal data lifecycle;
2. Internal controls
CUBE has implemented processes and controls to make sure that no vital decisions regarding personal data processing and information security system can be made without a prior analysis and necessary internal approvals;
3. Internal procedures
CUBE has defined an extensive set of procedures describing the personal data processing and information security system, including procedures governing exercising data subjects rights;
4. Data Security Officer and Compliance
CUBE has designated a Data Security Officer – a person who is responsible for maintaining personal data security system and compliance program;
5. Data retention periods and scope of processed data
We have introduced and documented data retention periods and reviewed our processes against the scope of collected personal data to make sure that the data minimization principle is fulfilled;
6. Third parties
We have updated contracts with third parties to make sure that all contracts contain relevant data protection provisions required by GDPR and introduce a verification process to make sure that entities which do not guarantee security of personal data cannot become our business partners;
7. International Data Transfers
CUBE has reviewed contracts with third parties located outside of the EEA and updated relevant transfer mechanisms to make sure that international data transfers comply with the GDPR and that these third parties guarantee an adequate level of protection of personal data;
8. Services’ documentation
We have introduced a new, updated Privacy Policy to make sure that they properly reflect the requirements of the GDPR;
9. Training and awareness
We have prepared training materials on the GDPR and data security which are constantly available for all members of CUBE personnel. No one can start working in CUBE without being trained on the relevant GDPR provisions. All members of CUBE personnel undergo the training periodically.
Constant enhancements and control
We are fully aware that compliance with the GDPR is an ongoing process. Therefore, we have committed ourselves to undergo an external GDPR-compliance audit once a year.
We have also employed our new and proprietary software development methodology to make sure that personal data protection principles are encoded in our products by design. We are working on several other initiatives as well.
How CUBE’s solutions can help your company stay GDPR compliant?
Our products are equipped with features that can help your company stay GDPR compliant.
If you have any questions related to CUBE compliance with the GDPR or you want to know more about how we ensure the protection of your personal data, contact us.