GDPR and SOVA

GDPR and SOVA


LAST UPDATED: December 26, 2019

 

I am a SOVA customer. Where can I find your DPA?

Our Data Processing Agreement (DPA) for customers is available by email privacy@sovasystems.com. You will need to verify your status as a Customer of SOVA.

 

What is GDPR and when does it take effect?

The General Data Protection Regulation, or “GDPR”, is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. The GDPR is a comprehensive privacy regulation that sets forth the rules for processing the personal data of individuals in the EU (“data subjects”) and the rights of data subjects with respect to their personal data. The GDPR becomes effective on May 25, 2018.

 

What is considered personal data?

Any information relating to an identified or identifiable natural person in the EU is considered personal data under GDPR. An identifiable person is one who can be identified directly or indirectly, particularly by reference to an identifier such as name, email address, identification number, or location, as well as online identifiers such as IP address.

 

What are data controllers and processors?

GDPR applies to both data controllers and processors. A data controller is the party that collects personal data from the data subject for a stated purpose and with the data subject’s consent. A data processor provides services to the controller according to the controller's instructions. In your entity’s relationship with SOVA, you are the Data Controller of your end user’s personal data (your employees and customers) and SOVA is the Data Processor. With respect to your entity’s own data, SOVA is the Data Controller.

 

What does all this mean for organizations subject to GDPR?

First, organizations subject to GDPR need to determine the way(s) in which GDPR applies to them (e.g., whether the organization is a controller and/or a processor). Second, if GDPR applies, organizations need to review their products, services, systems, practices, policies, and procedures to ensure that they comply with applicable GDPR requirements, including the ability to comply with enhanced data subject rights under the GDPR.

 

Do these changes affect SOVA customers in any way?

Yes. We have updated our Website Privacy Policy , our Services Privacy Policy and our Cookies Policy, and when required we are updating contracts with a Data Processing Agreement.


SOVA customers will be notified when the legal terms have been updated. We recommend SOVA customers read the updated terms because using SOVA products and services after the updated terms have gone live will be treated as acceptance of those terms.

 

The GDPR is European Union law. What happens after Brexit?

SOVA is committed to complying with the requirements of the GDPR long-term, regardless of Brexit. The GDPR regulates the “processing,” which includes the collection, storage, transfer or use, of personal data about EU individuals. That means that a company outside the EU that processes personal data about EU individuals will have to comply with GDPR as well. For example, a US based company like SOVA that processes personal data of individuals in France will need to comply with the GDPR.


Our customers are situated all over the world, including in the EU. Additionally, personal data of our Customers’ end-users passes through our data centres, which could be situated inside and outside the EU. This means we process personal data belonging to EU individuals, so it doesn’t matter whether we are based in an EU member state or not - the GDPR will apply to us regardless.

So not only will the GDPR will be brought into UK law under the new Data Protection Bill, designed to ensure data protection measures are maintained after the implementation of Brexit, the GDPR itself will continue to apply to SOVA as well.

 

What has SOVA done to prepare for the GDPR?

We have undertaken the following actions in connection with GDPR compliance:


  • Terms and policies: We have updated our terms of service and privacy policy to bring them in line with the requirements of GDPR, including making them clearer and easier to understand, and including additional detail. We are entering into Data Processing Amendments with current customers and vendors to reflect the parties’ GDPR security obligations and privacy requirements.

  • Privacy by design: We are always reviewing the way we design, build and implement updates and new products and services to ensure data privacy remains a core part of our decision-making processes at every level. We are reviewing our marketing practices to ensure we are communicating with prospects and customers in a manner that respects their rights under GDPR.

  • Data security: We have reviewed our internal data practices and policies to ensure our approach to data is compliant, consistent and clear across our company. We are certifying to Privacy Shield, as a reflection of our commitment to our customers, that we maintain adequate safeguards for transfer of personal data from the EU to the US.

  • Data portability: Our data promise has always been the same - You own your data, not us. We are making ongoing improvements to the portability of our customers’ data, including making sure our data deletion practices comply with GDPR’s right of erasure requirement. Providing a simple means of deleting, modifying, and exporting the personal data of data subjects for our clients.


Finally, while GDPR has driven our evaluation and enhancements, the EU’s ePrivacy Regulation is still being finalized, so further updates and changes may be made to ensure continued compliance with privacy regulations that apply to SOVA’s provision of services and marketing practices.

 

Which sub-processors has SOVA engaged?

The list of sub-processors that SOVA has engaged, in connection with providing services to SOVA Customers can be found here.


SOVA's customers are responsible for making their own independent assessment of GDPR. We encourage all of our customers to discuss the information provided on this page and the potential impact of GDPR with independent legal counsel.

Please note that this page is for informational purposes only and reflects current SOVA product offerings, services, and practices, which are subject to change without notice at any time. This page does not create any commitments or assurances from SOVA and any agreement between SOVA and its customers will continue to govern the rights, responsibilities, and liabilities between SOVA and its customers.

 

Looking for more information? Send an email to privacy@sovasystems.com.


    • Related Articles

    • Approved Mobile Devices For SOVA

      Updated 03-03-2021 SOVA was developed from it's inception to work well with low-end phones. The goal was to give our clients a way to get a replacement device quickly on their own, to minimize the impact on their security operation. Some competing ...

    • Data Processing and Security Terms

      Terms last modified: January 31, 2020 The customer agreeing to these terms ("Customer"), and SOVA Systems or any other entity that directly or indirectly controls, is controlled by, or is under common control with SOVA Systems (as applicable, ...

    • SOVA Privacy Center

      LAST UPDATED: February 22, 2019 Welcome to the SOVA Privacy Center! SOVA respects the privacy of everyone that engages with our platform, and we are committed to being transparent about our privacy processes and policies. In order to provide our ...

    • SaaS Contracting at SOVA

      There are four sets of documents helpful for understanding the terms governing SaaS transactions at SOVA: General Terms and Conditions Order Form SaaS Product Information Privacy and Security Terms The Order Form is your contractual starting point. ...

    • Updating your mobile device to the latest app version

      Tap the Play Store icon in your device  . If you cannot see your Play Store icon, you may need to tap the button at the bottom of your device to show all apps In the Play Store, tap the three horizontal lines at the top left  A menu will open. From ...