How has Guance prepared for GDPR?
- Data Security Agreement: Guance signs a data security agreement with customers. The agreement clarifies the responsibilities and obligations between Guance and customers, including data protection measures, data transmission, etc. https://docs.guance.com/agreements/confidentiality/
- Data access control: Guance provides authentication and authorization mechanisms to ensure that only authorized personnel can access customers' personal data.
- Data security and protection measures: Guance adopts a series of technical and organizational measures to protect the security of customers' personal data, including data encryption, access control, security audit and monitoring, etc.
- Data retention period: Guance has formulated a data retention policy, which clearly stipulates the retention period of customer data. Guance only retains the necessary time, and the data retention time does not exceed the required purpose.
- Data Protection Impact Assessment (DPIA): Guance conducts data protection impact assessments to assess data processing activities that may pose high risks to the rights and freedoms of data subjects. This helps identify potential risks and take appropriate steps to mitigate and manage them.
What security measures has Guance taken to protect customer data under GDPR?
- Data processing records: Guance keeps data processing records required by GDPR. These records include information such as data processing activities, data transmission, data security measures, etc., in order to cooperate with customers in fulfilling their record keeping obligations under GDPR.
- Data subject rights support: Guance assists customers in handling data subject requests, such as access, correction, deletion and other rights. Guance provides the appropriate tools and processes so that customers can effectively respond to these requests.
- Assist customers to respond to regulatory requirements: As a data processor, Guance acts as a bridge to communicate with regulatory agencies to ensure that customers' compliance matters in handling activity investigations and inquiries are properly handled. During this process, Guance will provide necessary information and documentation and support clients in responding to regulatory agency requests.
Does Guance use sub-processors?
- In order to provide our services, Guance may engage third-party organizations, which we refer to as sub-processors, to perform data processing activities involving access to customer data.
- The following are the sub-processors, their locations, and the types of services they provide to Guance:
|Vendor||Country||Type of Service|
|Amazon Web Services, Inc.||United States||Infrastructure Provider|
|Alibaba Cloud Computing Co. Ltd.||China||Infrastructure Provider|
|Amazon Web Services, Inc.||United States||Email Notification Services|
How will Guance respond to data subject requests?
- Guance has defined processes to respond to data subject requests, including consent, via firstname.lastname@example.org
Where can I learn more about Guance security and privacy efforts?
- An overview of our agreements: https://docs.guance.com/en/agreements/
- The Legal Declaration about Guance: https://docs.guance.com/en/agreements/legal-declaration/
- Data Security Confidentiality Agreement for users of Guance: https://docs.guance.com/en/agreements/confidentiality/