Legal

GDPR

Our Commitment to GDPR Compliance

At 21RISK, we prioritize the privacy and security of our customers' data and adhere strictly to the General Data Protection Regulation (GDPR) requirements. As a Data Processor, we are committed to safeguarding the personal data we process on behalf of our customers and to meeting the high standards of data protection expected under the GDPR.

How We Comply with GDPR

  • Strict Adherence to Controller Instructions: We process data only on documented instructions from our customers (Data Controllers), as specified in our Data Processing Agreement (DPA). This ensures that data is handled precisely as intended by the Controller and is never processed beyond its specified purpose. The users of each organization control which users they want to invite to the platform, and therefore which data they want us to process.

  • Robust Security Measures: We implement significant measures to protect personal data, but first and foremost we work under the principle of not collecting any data that is not strictly relevant. Thus we never collect any hardware IDs or other identifiable data that we don't need. The little personal data we do collect on data subjects is stored and processed in accordance with our Security Documentation.

  • Subprocessor Transparency and Accountability: 21RISK only partners with subprocessors that meet GDPR compliance standards. We thoroughly vet and monitor each subprocessor, ensuring that they adhere to our strict data protection requirements. We are transparent about the Subprocessors we use.

  • Data Subject Rights Assistance: We assist any data subject who wishes to exercise their rights under the GDPR. Most of these rights, such as access and correction, are handled explicitly within the platform. Deletion requests can be made by contacting our support team and will be handled promptly. However, for security purposes we have to delete your user, since we need to use emails to verify the identity of data subjects.

  • Data Breach Response: In the event of a personal data breach, 21RISK has an established Incident Response Plan to detect, respond to, and mitigate incidents effectively. We notify our customers without undue delay of any breach that affects personal data, helping them meet their obligations to report the breach to supervisory authorities and affected data subjects if required.

  • Regular Audits and Compliance Monitoring: We perform regular audits and maintain comprehensive records to verify and demonstrate GDPR compliance. Our commitment to transparency ensures our customers can trust in our processes and have access to the necessary information about our data protection practices.

  • End-of-Contract Data Handling: Upon the termination of our services, we ensure that all personal data is securely deleted or returned to the customer, as outlined in our DPA. This commitment to secure data handling helps our customers maintain compliance even after data processing concludes.

At 21RISK, data privacy isn’t just about compliance; it’s about trust. Our GDPR adherence reflects our commitment to protecting data and upholding the rights and freedoms of individuals. For more details on how we protect data, please explore our Security documentation or review our Data Processing Agreement (DPA).
