GDPR Compliance Statement
GDPR is an opportunity to build a stronger data protection foundation for the benefit of all. Action Oriented Corporation (referred to as “AOC”) is committed to ensuring that our products and services are GDPR compliant.
AOC has prepared this statement to provide our customers with information regarding the impact of the GDPR, the steps taken by AOC to ensure our compliance with the GDPR, and the ways in which we can assist and support our accounts and users (as data controllers) with their respective obligations under the GDPR.
Overview Of GDPR
The General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that regulates the use of personal data of EU residents and provides individuals rights to exercise control over their data. The GDPR does not apply only to European companies; it extends to any organization worldwide that targets or offers services or products to EU residents.
The GDPR requires companies to be transparent and accountable for their use of personal data, and to be able to demonstrate this to both regulators and the individuals concerned. There is no requirement for personal data to stay in the EU, but transfers outside of the European Economic Area are restricted, meaning that unless the European Commission has assessed the country’s privacy regime and declared it to be “adequate”, the data must be further protected by contract, or other EU-approved means. For any transfers to non-adequate countries, AOC’s Data Processing Addendum incorporates such EU-approved means, namely the European Commission’s standard contractual clauses. Customers can rely on these protections to transfer EU personal data using our services.
Continue reading below to learn more about AOC’s GDPR compliance.
Compliance, Account & User Support
AOC complies with the GDPR in the delivery of our products and services to our users. We are also dedicated to helping our users comply with their respective GDPR obligations. In support of these commitments, we have established and resourced a specialized team including a dedicated Data Protection Officer. Further, we have made enhancements to our services, agreements, policies, and internal processes as necessary to satisfy our obligations under the GDPR.
Compliance With Customer Instructions
As a data processor, AOC is committed to processing personal data only as instructed by applicable accounts and users. We have updated our internal policies to ensure that all AOC colleagues who have access to personal data shall only process such personal data on behalf of and in accordance with the documented instructions of the relevant accounts and users. In addition, we have incorporated our Data Processing Addendum into our agreements to ensure that our accounts and users comply with GDPR requirements.
AOC fulfills different roles in respect of different data but is committed to meeting and exceeding its obligations under the GDPR.
Data Minimization
AOC only collects and processes the minimum personal data necessary to provide the relevant services on behalf of our users. In addition, we do not knowingly collect and/or process sensitive or special categories of personal data.
Data Protection Impact Assessment
As a data processor, AOC is committed to supporting our customers in respect of data protection impact assessments, including data transfer impact assessments and/or prior consultations that may be required. As a data controller, AOC complies with its obligations under the GDPR, and our data protection team regularly completes privacy impact assessments where personal data is used or collected.
Data Protection Training And Awareness
AOC ensures that all of our colleagues are aware of their obligations under the GDPR and complete annual training on their role-specific responsibilities. Our commitment to data protection training and awareness supports AOC’s commitment to meeting and exceeding our obligations under the GDPR.
Individuals’ Rights
AOC has updated its IT systems and internal policies to assist with our obligation to respond to requests by data subjects to exercise their rights under the GDPR.
Security
AOC has implemented and maintains appropriate technical and organizational measures to ensure the processing of personal data meets the requirements of the GDPR, including technical and organizational measures to protect the security, confidentiality, availability and integrity of personal data (including protection against unauthorized or unlawful processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, personal data). Such technical and organizational measures may include (as appropriate based on the risk to data subjects): (a) the pseudonymisation and encryption of personal data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (d) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of personal data.
AOC treats all personal data processed on behalf of our users as confidential information and ensures that all AOC colleagues, agents and contractors engaged in the processing of personal data are informed of the confidential nature of such personal data. AOC ensures that (a) access to personal data is limited to those performing services in accordance with the relevant account and user agreement; and (b) all such colleagues, agents and contractors are committed to confidentiality (or are under an appropriate statutory obligation of confidentiality) and receive appropriate training on their responsibilities.
AOC will assist our accounts and users in ensuring compliance with their respective security obligations under the GDPR.
AOC has obtained a number of security certifications, which provide third-party assurance that AOC has implemented security best practices.
Right To Audit
AOC regularly completes internal and external audits for a variety of reasons including to support our industry standard attestations and certifications.
Our Data Processing Addendum details our approach to audit rights which allow customers to verify AOC’s compliance with its data protection obligations including our obligations under the GDPR.
Responding To Personal Data Breaches
AOC has updated its policies as necessary to ensure that it provides notice to accounts and users of a personal data breach without undue delay following the discovery of such personal data breach. AOC shall also reasonably assist and cooperate as instructed by accounts and users with any internal investigation or external investigation by third parties, such as law enforcement.
Use Of Sub-Processors
AOC engages with carefully selected subprocessors. The provision of certain accounts may require us to commission additional subprocessors. In such a case, we will post additional subprocessors. At AOC, security and privacy are paramount. Accordingly, we impose data protection terms on each subprocessor with which we work to maintain compliance.
Cross Border Data Transfers
AOC has incorporated the European Commission’s latest standard contractual clauses into our Data Processing Addendum. Further, AOC has issued a notice regarding its Certification Under the Data Privacy Framework Program.
Law Enforcement Requests
AOC is legally required to disclose data that it hosts when it receives valid legal process from a law enforcement authority with jurisdiction. Our Data Processing Addendum details our policies and practices regarding government requests for data about our accounts and users.
Contact Us
Please contact AOC’s Data Protection Officer (DPO) with any questions or concerns.
Email: hello@actionorientedcorporation.com
Address:
Data Protection Officer
Arslan Riaz
House 37, Street 22, Chaklala Scheme 3, Pakistan