
General Data Protection Regulation (GDPR) and Leadspace

July 2018

Leadspace does not process sensitive personal data. Leadspace's services do not include any processing of data related to consumer activities, or of data covered by specific US legislation, such as social security numbers, health-related data, education-related data, personal information related to children, credit reports, other financial data and government-issued IDs. Furthermore, Leadspace's services do not process any "special categories of data", as this term is defined by Regulation (EU) 2016/679 ("GDPR").

Leadspace employs adequate privacy and information security controls to meet US laws and general practice standards. Leadspace has also carried out a comprehensive program to support Leadspace customers' GDPR-related regulatory needs.

A summary of Leadspace's information security and privacy measures and controls:

  • Leadspace employs adequate information security measures, procedures and policies, backed by certifications and annual audits to the ISO 27001 and 22301 Information Security and Business Continuity Management standards.
  • At customers' request and subject to appropriate confidentiality arrangements, Leadspace is able to provide summary reports of third party information security audits and penetration tests.
  • Leadspace fully encrypts customer data in transmission and at rest.
  • Leadspace employs GDPR-related procedures and policies, including breach management and notification, data retention, impact assessments, assistance to controllers in executing data subject rights and records of processing.
  • Leadspace is certified with the EU-US Privacy Shield Framework and received the necessary statements and certifications to verify that Leadspace's agents (as this term is referred to under the principles of the Privacy Shield Framework) provide the same level of protection. The statement of certification is available at: https://www.privacyshield.gov/participant?id=a2zt0000000PBV4AAO&status=Active
  • Leadspace offers its customers a standard data processing agreement (DPA), alongside the Software Service Agreement, to support the processing of GDPR-covered personal data. The current version of the DPA is available at: https://resources.leadspace.com/dpa/dpa.
  • Leadspace keeps the data on secured servers of known hosting services (Amazon, IBM Cloud and Google Cloud Platform), with adequate attestations of compliance and certifications. Additional information about their practices, including their compliance with international standards, can be found at:
      https://www.ibm.com/cloud/compliance
      http://aws.amazon.com/compliance/
      https://cloud.google.com/security/compliance/

  • Leadspace maintains transparent privacy practices and publishes its privacy notice at: https://www.leadspace.com/privacy-notice/
  • Leadspace receives appropriate representations and warranties of compliance with laws from service providers and data sources.
  • Leadspace provides individuals with opt-out options from mailing lists and from sharing data with third parties.
  • Leadspace provides on-boarding and annual security and privacy training for its personnel.
  • Leadspace has formed a team to manage on-going privacy-related issues.
  • Leadspace receives on-going legal and compliance guidance from Leadspace's counsel, who is a Certified Information Privacy Professional (CIPP/US and CIPP/E).