Yoxel’s Corporate GDPR Statement

In May 2018, the EU General Data Protection Regulation (GDPR) replaces the existing 1995 EU Data Protection Directive (European Directive 95/46/EC). Yoxel currently complies with applicable data protection regulations and is committed to high standards of information security, data privacy, and transparency, and to managing data in accordance with legislation and regulation, including but not limited to GDPR.

Yoxel attests that it will comply with applicable GDPR regulations as a data processor for synchronization services, while also working in conjunction with our customers, the data controllers, to help them meet their GDPR obligations.

Yoxel has three main areas of focus in preparing for GDPR:

• Building on existing security and business continuity management policies, processes and controls, to ensure compliance.
• Performing gap and privacy assessment to support GDPR compliance for its customers.
• Provision of services to help customers to understand and prepare for GDPR.

It is important to stress that compliance is a shared responsibility and that customers may also need to adapt their business processes, data management practices, and integrations. Yoxel attests that customers of its synchronization solutions remain the owners of the data, retaining the rights, title, and interest to their data and can take advantage of the features inherent in our services to meet their GDPR obligations related to deletion, rectification, transfer of, access to, and objection to processing of personal data. Yoxel protects data from inappropriate access or use and provides customers with the ability to specify who has access to what data within each domain or branch.

As a data processor, Yoxel is undertaking assessments of the data and personal information processed, security policies and procedures, contracts with data controllers, sub-contractors. Incident response plans and data retention will be reviewed and updated where needed. Yoxel is committed to providing solutions to support its customers’ GDPR obligations, whether through standard features or modifications or enhancements of its synchronization services’ features and configurations. Yoxel also commits to providing advice regarding optional features or integrations of the service to its customers, potential compliance issues, how to support the enhanced rights of the data subjects and their requests. To this end, Yoxel already does and will continue to offer:

• Improved data availability, privacy (including encryption both at rest and at transit) and consent management solutions.
• Software modifications, to remove or render optional non-compliant features of the services for its customers, plus adding new to better support the GDPR obligations, including the enhanced rights of its customers and their end users.
• Support of customers’ requests in locations within the European Union, so as to ensure that our customers can comply with the GDPR provisions regarding international data transfers.
• Use of industry-leading and security-certified cloud infrastructure providers and data centers with a high level of security, data confidentiality, integrity, and availability.
• Continuous monitoring of the synchronization infrastructure and auditing of logged events.
• Multi-vendor encrypted backups to ensure data integrity and availability even in the event of a disaster or failure.
• Deployment of security safeguard and update of the company’s Data Breach Management Policy to fully comply with GDPR provisions regarding data breach incidents.
• Each synchronization service has built in security features, such as comprehensive role based access control, encryption in transit, encryption at rest, application scoping, access, logging, monitoring, and data minimization.
• Prompt response to any privacy-related issue or request or notification or question our customer may have, as part of their GDPR-compliance efforts.

Furthermore Yoxel attests that: all Yoxel staff are familiar with GDPR and their personal responsibilities and are adequately trained upon induction and annually (or sooner if there is a major legislation change); the Privacy Policy for its services is accurate, written in plain language and provides sufficient detail on what information is selected, how it is used and what is and is not acceptable use of the service; processing is lawful, fair and transparent; data are collected for a specific purpose (synchronization) and the data are necessary for the purpose, can be kept accurate by means of the service features and not kept for longer than necessary; data and infrastructure are kept secure; Yoxel does not process sensitive information; Yoxel has a notification process in case of breach.

If you have any questions, please contact us at privacy (at) yoxel (dot) com.