Augmentir GDPR Commitment

Last Modified: June 17, 2024

Augmentir is committed to protecting the privacy and data rights of individuals in accordance with the General Data Protection Regulation (GDPR). This document outlines our approach to GDPR compliance and the steps we are taking to ensure that we meet our obligations under the regulation.

Data Residency – Augmentir offers its service in either a US based instance or an EU based instance. Customers can choose between the US or EU instances to best support their data residency needs. Augmentir maintains a sub-processor list which lists what data is processed where and by whom available for each instance.

Support for international data transfers is supported by executing a Data Processing Agreement (DPA) which is available to all customers as needed.

Key Principles

  • Lawfulness, Fairness, and Transparency: We ensure that personal data is processed lawfully, fairly, and transparently, and that individuals are informed about how their data is being used.
  • Purpose Limitation: We collect and process personal data for specified, explicit, and legitimate purposes, and we do not use data for purposes that are incompatible with those purposes.
  • Data Minimization: We only collect and process personal data that is necessary for the purposes for which it is being processed.
  • Accuracy: We take reasonable steps to ensure that personal data is accurate and up-to-date, and we have procedures in place for individuals to correct inaccuracies in their data.
  • Storage Limitation: We do not keep personal data for longer than is necessary for the purposes for which it is being processed.
  • Integrity and Confidentiality: We have measures in place to ensure the security, integrity, and confidentiality of personal data, including procedures for protecting data against unauthorized access, disclosure, alteration, or destruction.
  • Accountability: We have mechanisms in place to demonstrate compliance with GDPR requirements, including maintaining documentation of our data processing activities and implementing appropriate technical and organizational measures to protect personal data.

Roles and Responsibilities

  • Senior Management: Senior management is responsible for overseeing GDPR compliance and ensuring that adequate resources are allocated to achieve compliance.
  • Data Protection Officer (DPO): The DPO is responsible for advising on GDPR compliance, monitoring compliance with GDPR requirements, and acting as a point of contact for data subjects and supervisory authorities.
  • Employees: All employees are responsible for complying with GDPR requirements in the course of their work and for reporting any potential data protection issues to the appropriate personnel.

Key Compliance Measures

  • Data Inventory and Mapping: We maintain an inventory of all personal data collected and processed by the Augmentir service itself, including information about the types of data, purposes of processing, and data flows.
    • Customers can use the Augmentir service to author procedures to collect additional/other data. Augmentir does not inventory and map this other data collected by customers.
  • Augmentir doesn’t collect or process high-risk data.
  • Data Breach Response Plan: We have a documented plan in place for responding to incidents or data breaches, including procedures for notifying data subjects and supervisory authorities.
  • Employee Training: We provide regular training to employees on their responsibilities under GDPR and on best practices for data protection and security.
  • Vendor Management: We have procedures in place for evaluating the GDPR compliance of third-party vendors and for including appropriate data protection
  • Provisions in contracts with vendors who process personal data on our behalf.

Continuous Improvement

We are committed to continuously monitoring and improving our GDPR compliance efforts to adapt to changing regulatory requirements and best practices in data protection.

International Data Transfers

To comply with EU data protection laws around international data transfers to the US we offer to execute Data Processing Agreements. Augmentir has a standard DPA which outlines our strict data security and data protection policies in place based on EU certifications or codes of conduct or international standards. Augmentir is self certified and the DPA contains standard contractual clauses to meet adequacy and security requirements for our customers who operate in the EU or have EU employees.