GDPR COMPLIANCE
At SSC International Ltd., we focus on the development, implementation, maintenance and continuous improvement of our internal processes to protect and secure the personal data of our staff, customers, and business partners, build our customers’ trust and loyalty, and ensure compliance with data privacy and protection requirements.
1. HOW DOES GDPR APPLY AND TO WHOM?
The General Data Protection Regulation (GDPR) is an EU Regulation enhancing the protection of citizens’ personal data within the European Union. This Regulation aims to provide greater transparency, protection and control over the personal data of individuals within the European Union (EU) as regards the processing of their personal data.
Regardless of whether an organization is based inside the EU or not, processing the personal data of individuals within the EU falls under the jurisdiction of the GDPR.
We process personal data on behalf of businesses using our services. The GDPR applies both to us and our clients when our clients are processing personal data of individuals within the EU.
2. HOW DO WE COMPLY WITH GDPR?
We fully comply with the GDPR, as well as all other applicable laws regarding privacy and personal data protection. Our privacy compliance program is designed to align with the most stringent privacy regulations, primarily the GDPR, with necessary adjustments to ensure compliance with other relevant laws.
Ensuring compliance notably starts by raising awareness. Within our company, staff members are informed and trained on their obligations and responsibilities regarding security and data handling, and how to meet these requirements to support our compliance with the GDPR. The contractual agreements with both our staff and third parties who process personal data clearly outline the duty to comply with our internal policies, procedures, instructions, and requirements, including non-disclosure obligations.
We have designated a Data Protection Officer who plays an important role in our GDPR compliance by staying updated on legislative and regulatory developments, keeping our business informed, preparing and reviewing our internal policies and agreements, and by managing formal arrangements with third parties regarding data protection. Our DPO is also in charge of collaborating with the relevant supervisory authorities and supports us with other privacy and data protection tasks, such as:
- Conducting periodic assessments and analyses;
- Performing in-depth data protection impact assessments for activities likely to result in high risks;
- Creating and maintaining a detailed register of the performed activities involving the processing of personal data;
- Embedding data protection by design and default in the systems that are processing personal data;
- Conducting privacy and personal data protection trainings and awareness campaigns;
- Being actively involved in handling personal data breaches, when necessary;
- Ensuring the exercise of data subjects’ rights.
We have implemented appropriate technical and organisational measures to protect personal data and to effectively prevent the occurrence of GDPR violations. The key measures include:
- Designation of a representative in the European Union, to be addressed by supervisory authorities and data subjects on all issues related to personal data processing subject to GDPR.
- Processing personal data only for the purposes for which it was collected and informing each category of data subjects regarding the processing of their personal data. To learn more about this, please refer to our Privacy Policy.
- Determining reasonable data retention periods and implementing procedures and automated mechanisms for the erasure or anonymization of personal data that is no longer necessary.
- Limiting, both physically and IT-wise, staff access to the personal data that is strictly necessary for the performance of their duties (on a need-to-know basis). Access permissions are managed based on role and job requirements.
- Using two-factor authentication mechanisms, depending on the nature of the information accessed through the computer system and system applications.
- Tracking and periodically reviewing the activity over computer systems and software applications through logs and detection systems.
- Using database back-up systems that create, restore and maintain exact copies of personal data, ensuring the prompt recovery of data necessary for business continuity in the event of an incident.
- Entering into service contracts with vendors only after ensuring a minimum acceptable level of data protection and information security, and signing data protection agreements with them.
For more details regarding the technical and organizational security measures we have implemented, please visit https://ssc-digital.com/dpa/.
3. WOULD YOU LIKE MORE DETAILS ABOUT OUR GDPR COMPLIANCE?
At SSC International Ltd., we aim to strengthen our customers’ and business partners’ trust and satisfaction by answering any GDPR-related inquiries. If you would like more information or have any questions regarding our GDPR compliance, feel free to contact us at privacy@ssc-digital.com.
We will respond to your request as soon as possible.