GDPR AND AXIS' COMPLIANCE
Our policy is to respect all laws that apply to our business and this includes the EU General Data Protection Regulation (GDPR). We also appreciate that our customers have requirements under GDPR that are directly impacted by their use of Axis’s products.
Axis will be doing the following to ensure compliance with GDPR:
- Where we are transferring personal data outside of the EU, Axis will have the appropriate data transfer mechanisms in place as required by GDPR. These will meet defined industry standards and best practices.
- Axis commits to follow appropriate security measures and precautions in accordance with GDPR.
- Axis will assist with notifying regulators and data controllers of breaches and promptly communicating any breaches to customers and users.
- We will ensure that employees authorised to process personal data have committed to confidentiality.
- We will hold any sub-processors that handle personal data, including our data centre partners, to the same data management, security, and privacy practices and standards to which we hold ourselves.
- Axis will assist our customers, insofar as possible, to respond to data subject requests our customers may receive under the GDPR.
CONDITIONS FOR PROCESSING
Article 6 of the GDPR states the conditions required for processing personal data. Processing under legitimate interest is one of these six distinct legal grounds upon which personal data can be processed. Another of the six distinct legal grounds is that the data subject has consented to the processing.
THE RIGHT TO BE FORGOTTEN
The right to be forgotten or the right to erasure requires processors to erase personal data (1) upon the request of the data subject to which it pertains; or (2) when “the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.”
Axis allows you to:
- Automatically erase personal data. By default, Axis will only hold information on workshops for 12 months from the date of the workshop.
- Delete workshop data in its entirety immediately when its facilitator or an administrator selects to do so.
- Provide facilitators with a copy of the data Axis holds on them, update it or request its deletion upon their request.
ENHANCED RIGHTS TO NOTICE AND ACCESS
Pursuant to Article 15, data subjects now have additional rights to access their individual personal data that is subject to processing. The data can be provided to the data subject in the form of a CSV file, which will satisfy the GDPR requirement of data portability in Article 20.
THE RIGHT TO OBJECT
Article 21 of the GDPR grants data subjects an unequivocal right to object to their personal data being processed for direct marketing purposes and related profiling. Users who object can be removed from all future communications.
WHERE DOES AXIS STORE AND SEND DATA?
CAN YOU HOST MY DATA ELSEWHERE?
Yes. Whilst standard data hosting location determinations are based on reducing latency and achieving optimal performance for our users, other data centres can be specified as part of contractual agreements.
HOW DOES AXIS HANDLE TRANSFER OF DATA OUTSIDE OF THE EU?
If you use our services from Europe, we store your data in servers located either in Europe. If data needs to leave the European Economic Area (through contractual agreement or usage), we and our affiliates commit to only access, use, store or share your personal data in accordance with the ISO27001 framework and subject to any EU Model Clauses.
WILL AXIS SIGN STANDARD CONTRACTUAL CLAUSES OR MODEL CLAUSES?
Yes. Axis provides an adequate mechanism for the transfer of personal data from the EU to the U.S. and can agree to Model Clauses where applicable.
CAN I OPT OUT OF HAVING MY DATA COLLECTED OR SHARED?
HOW DOES AXIS SECURE MY DATA?
We’re committed to the development and continual improvement of Information Security and Data Protection and its supporting information security management system in line with ISO27001 principles/framework, in order to provide:
- Assurance with legal, regulatory and contractual obligations
- Reputation management
- Protection of critical assets
- Protection of Personally Identifiable Information (PII) as defined by the 2018 Data Protection Act and the GDPR.
DOES AXIS USE PROCESSORS TO FURTHER PROCESS CUSTOMER DATA?
A list of our processors can be found on our Processors List.
WHO CAN I CONTACT WITH QUESTIONS REGARDING GDPR?