The EU General Data Protection Regulation (“GDPR”) harmonizes and establishes a minimum standard of data and privacy protection across the European Union.
In essence, GDPR codifies the fundamental rights and freedoms of natural persons in the protection and processing of their personal data. Correspondingly, it requires data controllers and data processors, such as Emetry, to implement appropriate security measures and safeguards for personal data processing.
Similarly, the California Consumer Privacy Act (“CCPA”) provides safeguards and protections for all consumers resident in our home state in much the same way as the GDPR.
At Emetry, we are committed to ensuring the security and protection of the personal information that we process. Our software and data science teams consider data security and privacy a primary factor of their work and build our systems within industry best-practices and guidelines.
Emetry is classified as a “data processor”. This is a specific term that distinguishes the difference between parties who collect data and those who process it. As such, Emetry does not collect data and instead receives data from our clients, who are “data controllers”. We take our responsibility in this relationship seriously and work with our clients to make sure that all data remains secure when in our system, and that we respond immediately to all requests regarding specific data.
Our GDPR and CCPA preparations have included a comprehensive review of relevant internal processes, procedures and documentation. Additionally, we have and continue to actively develop and implement data protection policies, procedures, controls and security measures for GDPR and CCPA compliance.
Policies & Procedures
Emetry has and continues to develop data protection policies and procedures addressing the requirements and standards of the GDPR and CCPA including:
Our internal policies and procedures are being developed with GDPR, CCPA, and other similar protections, in mind. We have and continue to develop accountability and governance measures (including privacy by design) to raise awareness of and promote compliance with our data protection obligations and responsibilities.
We have and continue to update our retention policies and schedules in consideration of ‘data minimization’ and ‘storage limitation’ principles.
We have and continue to develop safeguards and security measures for identifying, assessing, investigating and reporting personal data breaches.
International Data Transfers
The vast majority of data processed by Emetry originates from, and remains within, the United States. To the extent that Emetry transfers personal information from the EU/EEA, we do so to the United States only. Additionally, we have and continue to develop our policies and procedures for securing and maintaining the integrity of the data. When such data transfers involve external recipients, we request recipients verify that they have appropriate safeguards to protect the personal information and to comply with data subject rights and requests.
Data Subject Request
As our software and systems evolve, we will continue to provide additional capabilities for data subject requests. At this time, we have developed a more manual request process that complies with GDPR and CCPA data subject requests.