GDPR & data processing information
Certify takes data privacy very seriously. We're handling personally identifiable information on your behalf and we do our utmost to protect that data is protected.
We've worked tirelessly to ensure that we comply with both EU General Data Protection Regulation (GDPR), and the EEA, Swiss, and UK Standard Contractual Clauses (SCC's).
In the context of Certify's services, you as the customer determine the purpose and means of processing of personal data and are therefore the “data controller” under the EU Directive. Certify, as the entity which processes personal data on behalf of, and at the direction of, the data controller, is the “data processor.”
For information relating to data privacy for your recipients, please read our article: Data Privacy and Right to be Forgotten
What is GDPR?
On May 25, 2018, the General Data Protection Regulation (GDPR) officially took effect. For European individuals, GDPR expands their data privacy rights and gives them more power to control their data. For companies that process the personal data of these European individuals, GDPR requires compliance with a new set of regulations.
GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that European individuals can exercise with these companies. Further information on GDPR is available on the European Union’s official website: https://ec.europa.eu/info/law/law-topic/data-protection_en.
Data processing agreement
We offer a Data Processing Agreement (DPA) as part of our terms and conditions. DPAs include standard contractual clauses ("Model Clauses") that are the mechanism for GDPR/EEA, Swiss, and UK SCC-compliant data transfer. The DPA includes all the information on:
What we do to protect your data.
What we're allowed to do with your data.
Who we share your data with to provide our service (e.g. our hosting provider).
Contact us for a copy of our DPA.
Features to support GDPR requirements
Certify can help you meet your data portability requirements for GDPR and the EEA, Swiss, and UK SCCs. You can easily export data from your account and you can submit a request to remove data at any time.
Privacy policy
Our privacy policy can be found at: https://www.certifyskills.co.uk/privacy-policy/
Certify & third parties
Certify works with a small number of organisations to provide service to customers. These sub-processors:
Provide communication tools enabling Certify to email our customers or respond to our customers’ support requests or the requests of our customers recipients.
Provide hosting and backup solutions as part of Certify's services.
Certify maintains contractual safeguards to ensure that relevant industry standard data protection mechanisms are maintained for these subcontractors.
Our agreements clearly state that we're not able to share your data with any third party that's not bound by our data privacy agreement and that isn't named on our data privacy agreement.
We've formed contractual relationships with our suppliers to ensure full legal and process protection for your data in accordance with EU privacy law.
Data storage
Data is stored at a location hosted by Digital Ocean, which is a secure SOC 2-certified data centre. Certify data is hosted in servers located in the US and the EU.
More information regarding Digital Ocean's certifications can be found here: https://www.digitalocean.com/trust/certification-reports