EU Global Data Protection Regulation (GDPR) Compliance
As a global company offering applied banking insights, PrecisionLender has always operated with a Security First mindset. With the implementation of the EU GDPR in May 2018, we recognize our responsibilities as a Data Processor for our customers and continue to focus on privacy, security, and data protection. These priorities strongly align with the goals of GDPR.
To begin, PrecisionLender has undergone a rigorous review process to assess where and how our relevant services collect, use, store and dispose of personal data. While GDPR did not introduce significant new requirements to our privacy and security practices, we’ve been hard at work not only to ensure full compliance, but also to provide tools to help our customers meet their Data Controller-related compliance objectives, including:
- Data Sovereignty
PrecisionLender is a Software-as-a-Service (SaaS) product and is hosted within Microsoft Azure. To support clients with specific data sovereignty requirements, Microsoft Azure has Data Centers around the globe. PrecisionLender can provide local instances of the application to support each client’s unique data sovereignty requirements.
- Data Processing Addendum incorporating GDPR principles
We offer a GDPR-compliant Data Processing Addendum (DPA) that incorporates the EU Standard Contractual Clauses, also known as the EU Model Clauses, and our data security and privacy measures. The DPA ensures that any transfer of personal data outside of the European Union in connection with the services offered will be performed in compliance with the GDPR.
- Data Security & Privacy
Bottom line, our solutions are GDPR-ready, and we’re excited about being your partner in fully addressing this important regulation.
PrecisionLender currently uses third-party subprocessors for various services. Prior to engaging any third-party subprocessor who may process personal data, PrecisionLender evaluates their privacy, security and data protection practices. PrecisionLender also requires its subprocessors to be bound by written agreements that address the GDPR requirements and will review documentation to validate their compliance. Provided below is information on the entity, location, and activities performed by each subprocessor.
| Subprocessor | Role / Activities Performed | Geographic Location | Means of lawful transfer of data from the EU |
|---|---|---|---|
| Microsoft Azure | Cloud based application hosting platform – infrastructure and storage | Based upon client’s data sovereignty needs | EU-U.S. Privacy Shield and EU Model Clauses |
| Salesforce | Cloud based client relationship management system | United States | EU-U.S. Privacy Shield |
| Zendesk | Cloud based client support and communications system | United States | EU-U.S. Privacy Shield |
| Postmark | Cloud based email provider for the application and client support system | United States | EU-U.S. Privacy Shield |
| Atlassian | Internal communication and issue tracking systems | United States | EU-U.S. Privacy Shield |
Updates to PrecisionLender’s list of Subprocessors will be posted to this page. Please check back frequently for updates.
Last Updated: November 7, 2018