Data Protection Policy
Customers DNA Analytics is a legal entity within EU that acts as a data processor on behalf of its clients (data controllers).
Customers DNA Analytics takes very seriously data protection, ensuring full compliance with GDPR.
Personal & Sensitive data are not exchanged and processed without being encrypted using a strong encryption method.
Any files’ transfer is done through SFTP and with the files to be encrypted using a strong encryption method.
In case of any personal or sensitive data that is accidentally exchanged from the data controller without being encrypted, Customers DNA Analytics will erase it immediately and inform the data controller within 48 hrs.
All data are processed and stored in physical storage in the EU and for the period that are used for the scope of the project. In case of Cloud storage usage, client will have to be informed in order to approve it.
Backup processes are in place to ensure that data can be successfully restored from backups if required.
All active data & backups are permanently deleted after the completion of the project and expiration of the respective contract.
Our approach is to set a very limited number of users (usually up to two) that have exclusive access to data of each account and only during the period of the project implementation / maintenance. A strong password policy is followed to lower overall risk of security breach.
No access of any clients’ data is given to 3rd parties. Customers DNA Analytics is the exclusive data processor of Clients’ data.
All necessary software is in place and up to date to ensure security.
Any issue or question should be communicated to the DPO using the following email address: GDPR@Customers-DNA.com