At Reflexis we are committed to working with our customers in accordance with the General Data Protection Regulation (GDPR). The GDPR introduced enhanced data privacy laws to match the evolving technological landscape. These changes came into effect on May 25, 2018. Besides strengthening and standardizing data privacy across the EU nations, it imposed new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located. On this page, we’ll explain our commitment to GDPR compliance.
The Reflexis GDPR Commitment
Our Commitment to Protecting Your Data
Our global team has taken measures to achieve GDPR compliance through:
- Working with an external security advisory organisation.
- Continuing to invest in our security infrastructure.
- Making sure we have the appropriate contractual terms in place.
- Ensuring we can support international data transfers by maintaining our Privacy Shield self-certifications, and by executing Standard Contractual Clauses through our updated Data Processing.
- Confirming our policies include new tools for data portability and data management where necessary.
- Ensuring that under all circumstances user consent for data processing meets the new requirements.
- Reviewing breach notification procedures.
- Reinforcing all data protection and retention processes.
Reflexis will continue to monitor the guidance around GDPR compliance from official government regulatory bodies, and will adjust our plans accordingly if any changes occur.
Our Security Infrastructure and Certifications
Protecting our customers’ information privacy is extremely important to us. As we offer cloud-based products we are entrusted with some of our customers’ most valuable data and we’ve set high standards for security. Reflexis has achieved its SOC 2 Type II attestation and we’re currently investing in achieving SOC 3 attestation.
Reflexis has invested heavily in building a robust security team, one that can handle a variety of issues — everything from threat detection to building new tools. In accordance with GDPR requirements around security incident notifications, Reflexis will continue to meet its obligations and offer contractual assurances.
International Data Transfers: Privacy Shield and Contractual Terms
To comply with EU data protection laws around international data transfer mechanisms, we are self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
Reflexis also incorporates Standard Contractual Clauses approved by the EU Commission when it enters contracts with its clients. The Standard Contractual Clauses enable the parties to protect personal information when data is transferred outside the European Economic Area to a country whose laws the EU Commission has not deemed to provide adequate protection.
Data Portability Solutions and Data Management Tools
Customers have requested tools to help them comply with the GDPR. We understand our customers’ concerns and we are looking to offer data portability and personal data tools that assist with data exports. Information about the features and functionalities of these tools will be shared with you as it becomes available.
Fulfilling our privacy and data security commitments is important to us. This page will be revised to reflect GDPR-related information as it becomes available. Please get in touch if you have any questions related to how Reflexis is becoming compliant with the GDPR.
Reflexis Systems, Inc.
3 Allied Drive, Suite 220
Dedham, MA 02026
Phone: +1 (781) 493-3400