The EU General Data Protection Regulation (GDPR) is now in effect, and Caerus is here to support you in meeting its requirements.
What Is GDPR?
GDPR is setting a new standard for how organizations collect, use, and protect EU citizens’ personal information. With the growing concern for data safety, this law is designed to restore the confidence of the public.
GDPR Implications For Your Organization
Whether or not an organisation is based in the EU, all businesses that control or process personal information of EU citizens have to do so in accordance with the GDPR requirements.
Caerus is responsible for ensuring that your personal information is processed in accordance with the GDPR requirements. Because of this, we are also responsible for ensuring that any workplace service providers that you use will process the personal information of your EU citizen Users in accordance with the GDPR requirements.
Caerus' Commitment
Caerus is committed to supporting you in ensuring that your use of our tool meets the GDPR requirements. Here are some of the measures that Caerus has put in place to reflect that:
1. Caerus Contractual Terms Reflect GDPR Requirements
Caerus has prepared a Data Processing Addendum that contains the GDPR contractual requirements. Where applicable, this Data Processing Addendum is incorporated into our Terms of Service, available at www.caerus.scot/legal/data.
Our contractual commitments relevant to GDPR are that:
- Caerus will be transparent and never use your personal information other than as instructed by you,
- Caerus will maintain appropriate technical and organisational security measures to protect your personal information,
- Caerus will assist you with requests regarding your personal information that is processed using our services.
2. Caerus Will Continue To Improve Its Security Infrastructures
Caerus is committed to maintaining appropriate technical and organisational security measures to protect your personal information in line with the GDPR requirements.
Our commitments to maintaining our security measures are as follows:
- Caerus ensures that, to the extent possible, your personal information is anonymised,
- Caerus ensures that your personal information is encrypted in transit,
- Caerus has measures in place to ensure the ongoing confidentiality, integrity, availability, and resilience of Caerus processing systems and services,
- Caerus can restore the availability and access to your personal information in a timely manner in the event of a physical or technical incident, and
- Caerus has a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures to ensure the security of your personal information through the use of regular vulnerability and penetration testing.
For more details regarding Caerus' commitment to invest in its security infrastructures, we invite you to read our Data Processing Addendum.
3. Caerus Complies With GDPR International Data Transfer Mechanisms
GDPR does not require personal information of EU citizens to be stored in the EU. GDPR does, however, require transfers of EU citizens’ personal information outside of the EU to comply with certain international data transfer standards. One of these standards is that prior to transferring an EU citizen’s personal information to a third country, the European Commission must have decided that the third country ensures an adequate level of protection.
Caerus is committed to ensuring that all transfers of your personal information are and will be in compliance with the required international data transfer standards.
Caerus is located in Scotland, UK, and is subject to EU privacy laws.
As your data processor, Caerus transfers your personal information to only two third-party subprocessors: our data center provider and our database service management provider. Both of these subprocessors are located in the UK.
As your data processor, Caerus transfers some of your personal information to one third-party subprocessor: our email management provider called SendGrid for the purpose of sending emails. This subprocessor is certified under the E.U.-U.S. Privacy Shield, a framework negotiated and agreed upon by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
4. Caerus' Products Are Designed To Help You Meet Your GDPR Requirements
Caerus is committed to making every effort to build product features that help you meet your GDPR requirements.
Caerus ensures that you can meet the GDPR data portability requirements by providing, among others, features that permit you to export some of the employees’ personal information.
Caerus is here for you. Please contact us at firstname.lastname@example.org if you have any GDPR-specific questions.