Percept AI is fully GDPR compliant.
At Percept AI, we understand the importance of protecting the security and privacy of customer data, and we are committed to partnering with our clients to help them understand and prepare for the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades, and will go into effect on May 25, 2018.
Under the GDPR guidelines, our customer is the Data Controller, and Percept AI is a Data Processor. This means the customer will determine the purposes and means of processing Personal Data, while we as the Data Processor processes data on behalf of the Data Controller.
Personal Data in the context of the GDPR includes any information which can identify an end user such as their name, email address, postal address, username and IP address. Depending on the use case, a subset of these information will be stored in or transmitted via the Percept AI services, by, or on behalf of, our customers and their end-users.
Here we list some of our main efforts in pursuance of GDPR compliance:
At Percept AI, our engineering team has invested heavily into our security systems to make sure our customers’ data are protected with high security standards by utilizing the state-of-art application and system security techniques.
All communication with our service is performed through a secure connection. We do not provide any non-SSL endpoints. Data encryption is applied wherever possible which means that even in transit between our servers, your data is kept encrypted. All our servers are firewalled and kept updated with the latest security patches. All security keys and passwords stored by our application on your behalf are kept encrypted at rest.
We also work with independent third-party security firms to run regular security reviews and penetration tests. The latest review results will be shared with our customers upon request.
Under GDPR, EU data subjects are entitled to exercise the rights listed below. Here the data subjects include both our customers (also known as “business users”) and their end users. For business users, the request must be sent from the same email as the account owner. For end users, the user must provide identification information that matches with the Personal Data collected in our system.
We respond to requests within 30 days. However, it may take longer to complete the request. We’ll be sure to let you know these details over email. We use any information you give us in your request only to fulfill the request and delete it within 12 months.
All data subjects can request full access to their user's data by contacting email@example.com. For end users, this is limited to their own user profile and all the interactions that they have had with the Percept AI system.
For business users, most of their data can be viewed and edited directly through our console page. For information that are not available in console, please contact us to request modification.
All data subjects can request to have their personal data deleted by contacting firstname.lastname@example.org. For end users, this is limited to their own user profile and only the interactions that they have had with the Percept AI system.
All data subjects can ask for their personal data to stop being used in certain cases. Simply contact us at email@example.com and we will process your request.
Upon request, we provide full export of a data subject’s account data in machine readable format. Please send the request to firstname.lastname@example.org.
Similar to Right to Erasure, we handle all requests on this matter from all our customers and their end users. Simply contact us at email@example.com and we will process your request.
Percept AI uses sub-processors to assist in providing our Service. A sub-processor is a third party data processor engaged by Percept AI, who has or potentially will have access to or process service data (which may contain personal data). Percept AI evaluates the security, privacy and confidentiality practices of proposed sub-processors that have access to or process service data both before they are engaged and on an ongoing basis.
The following is an up-to-date list (as of July 2018) of the names and locations of Percept AI sub-processors:
We provide standard DPAs for our customers, which documents our responsibilities as a Data Processor and our approach to collecting, processing and storing Personal Data. If you are a customer who needs a signed DPA, please send an email to firstname.lastname@example.org using the same email address as the account owner. Here is an example of our DPA.
We have appointed a DPO that can be reached at email@example.com should you have any further questions regarding our data protection policy.