GDPR Compliance Measures
(last revised on May 30, 2018)
7.ai is committed to respecting all applicable individual rights to privacy including but not limited to rights set forth under the General Data Protection Regulation of the European Union (the “GDPR”). Accordingly, information security, protection of all confidential material entrusted to us, and transparency with respect to individuals who may elect to entrust information to us, are all of the utmost importance to our organization. The following summary sets forth some of the key measures we have set in place to effectuate that commitment, and to meet the enhanced standards for transparency and accountability for personal data uses under the GDPR.
We use personal information in a variety of ways across our products and organization. Specific uses are identified for users of particular products and/or those who elect to use our services, but in general our products and policies limit our collection and use of personal data to online identifiers such as IP address, cookie and device identifiers. We use this information to support our clients in customer engagement and customer acquisition efforts, and to optimize customer website experiences on client websites.
To support all such uses, we have implemented a comprehensive cross-functional effort calculated to ensure full compliance with the GDPR with respect to any role in which we handle sensitive data, whether as controller or processor. Our program includes detailed administrative, technical and operational controls designed to effectuate GDPR principles in all our relevant processes. We have further set in place measures designed to safeguard the data under our care using secure encryption technologies. We also take steps to independently test our security against international standards using third-party auditors. Additional actions we are taking include:
- Implementing new internal controls calculated to enable full compliance with the GDPR and to strengthen the Company’s commitment to respecting all lawful privacy rights;
- Setting in place consent mechanisms to facilitate user consent and withdrawal of consent as appropriate;
- Implementing Privacy by Design in our internal systems and products on an ongoing basis;
- Implementing processes to enable data subjects to exercise their lawful privacy rights with respect to their data;
- Reviewing contracts and contacts with partners to confirm satisfaction of all applicable privacy requirements, including the GDPR;
- In circumstances where we operate as a processor, supporting the controller with respect to all requirements, including data subject rights, incident response, and other matters, in accordance with GDPR Article 28;
- Ensuring that controllers for whom we operate as processors confirm that their instructions are proper and in accord with consents they have secured for the use of data;
- In circumstances where we operate as a controller, ensuring that appropriate consents and/or contractual rights are secured for all uses of personal data;
- Enhancing policies across the organization to ensure compliance and readiness to address any issues, including data subject requests and/or data incidents.
In addition to the measures already set in place, we strive for continuous improvement and therefore review and improve our systems on an ongoing basis. Questions concerning the Company’s GDPR compliance efforts and/or any related matters may be directed to [email protected].