EU Global Data Protection Regulation (GDPR) Compliance

As a global company offering applied banking insights, PrecisionLender has always operated with a Security First mindset. With the implementation of the EU GDPR in May 2018, we recognize our responsibilities as a Data Processor for our customers and continue to focus on privacy, security, and data protection. These priorities strongly align with the goals of GDPR.
To begin, PrecisionLender has undergone a rigorous review process to assess where and how our relevant services collect, use, store and dispose of personal data. While GDPR did not introduce significant new requirements to our privacy and security practices, we’ve been hard at work not only to ensure full compliance, but also to provide tools to help our customers meet their Data Controller-related compliance objectives, including:

  • Data Sovereignty

PrecisionLender is a Software-as-a-Service (SaaS) product and is hosted within Microsoft Azure. To support clients with specific data sovereignty requirements, Microsoft Azure has Data Centers around the globe. PrecisionLender can provide local instances of the application to support each client’s unique data sovereignty requirements.

  • Data Processing Addendum incorporating GDPR principles

We offer a GDPR-compliant Data Processing Addendum (DPA) that incorporates the EU Standard Contractual Clauses, also known as the EU Model Clauses, and our data security and privacy measures. The DPA ensures that any transfer of personal data outside of the European Union in connection with the services offered will be performed in compliance with the GDPR.

  • Data Security & Privacy

Along with a secure and highly scalable architecture, PrecisionLender maintains rigorous technical and organizational security controls and measures. We continually monitor the data privacy and security landscape and evaluate industry best practices to not only meet but exceed applicable standards and regulations. To learn more, please review our PrecisionLender Security Overview as well as our Privacy Policy, which provides greater transparency into our practices.

Bottom line, our solutions are GDPR-ready, and we’re excited about being your partner in fully addressing this important regulation.

Subprocessors

PrecisionLender currently uses third-party subprocessors for various services. Prior to engaging any third-party subprocessor who may process personal data, PrecisionLender evaluates their privacy, security and data protection practices. PrecisionLender also requires its subprocessors to be bound by written agreements that address the GDPR requirements and will review documentation to validate their compliance. Provided below is information on the entity, location, and activities performed by each subprocessor.

| Subprocessor | Role / Activities Performed | Geographic Location | Means of lawful transfer of data from the EU |
| --- | --- | --- | --- |
| Microsoft Azure | Cloud based application hosting platform – infrastructure and storage | Based upon client’s data sovereignty needs | EU-U.S. Privacy Shield and EU Model Clauses |
| Salesforce | Cloud based client relationship management system | United States | EU-U.S. Privacy Shield |
| Zendesk | Cloud based client support and communications system | United States | EU-U.S. Privacy Shield |
| Postmark | Cloud based email provider for the application and client support system | United States | EU-U.S. Privacy Shield |
| Atlassian | Internal communication and issue tracking systems | United States | EU-U.S. Privacy Shield |

Updates

Updates to PrecisionLender’s list of Subprocessors will be posted to this page. Please check back frequently for updates.

Last Updated: November 7, 2018