Flexential GDPR Policy Statement

Updated January 4, 2021

FLEXENTIAL AND GDPR
Following is information about the General Data Protection Regulation and Flexential’s commitment to its requirements.

Overview
Now in effect, the EU General Data Protection Regulation is a sweeping set of rules designed to protect the integrity and use of data of EU subjects. It supersedes the previous regulation – the EU Data Protection Directive or Directive 95/46/EC – and further strengthens the rights that EU subjects have over their data.

Statement
Flexential is committed to privacy protection and has designed its service offerings to be compliant with all applicable requirements of GDPR.

In Flexential’s capacity as a service provider to our customers, we may be identified as a data “processor” under GDPR, even though we do not actively collect personally identifiable information in the EU. It is your responsibility as a data controller to ensure you are compliant with GDPR. While leveraging services provided by Flexential, including our data center cloud infrastructure, our customers maintain full control over their data.

Our team has worked diligently to address GDPR, and we will work with you to verify that our infrastructure and services meet your needs and requirements under GDPR.

If you are concerned about establishing and maintaining GDPR compliance, contact your account manager to discuss entering into Flexential’s data protection agreement. We offer several services to help establish and maintain your GDPR data security compliance.

GDPR regulations
Flexential can assist you in several ways to maintain compliance with the regulations set forth by GDPR, including:

Data collection, storage and use: Flexential offers the supporting infrastructure and data services that give our customers the level of control they need over their data when leveraging our services. This includes the “right to access” data records, data rectification or correction, restriction of processing and full deletion of a customer record when requested by the customer, commonly referred to as the “right to be forgotten.”

Data security and controls: Flexential maintains a robust security and compliance program designed to safeguard all data. We have completed the following certifications and assessments which support GDPR compliance:

  • ISO 27001
  • SOC 1
  • SOC 2
  • HIPAA/HITRUST
  • PCI DSS
  • FISMA (NIST 800-53)
  • ITAR

Flexential completes independent third-party assessments annually.

Data export: If we transfer personal data to countries for which European data protection laws require us to apply appropriate safeguards to your personal data, we rely on lawful cross-border transfer mechanisms and safeguards.

Third parties: Flexential maintains GDPR agreements with our third-party partners identified as sub-processors, as required by GDPR. A list of third-party sub-processors can be found on our customer portal that is accessible by all Flexential customers.

For more information
Additional detail about our approach to GDPR can be found in our GDPR-compliant privacy statement.

For more information, or to enter into Flexential’s data protection agreement, please contact your Flexential account representative.