General Data Protection Regulation Policy Statement

Scope

This Policy applies where Clutch Technologies, LLC provides services to customers whose end users are resident within the European Union. The personal data required to provide these services falls under the scope of the General Data Protection Regulation (GDPR). 

Clutch Technologies is committed to ensuring that we and our suppliers handle all personal data entrusted to us by our customers in accordance with our legal obligations under the General Data Protection Regulation.

Clutch collects and uses personal data as a data processor under the GDPR in order to provide products and services on behalf of our customers. This policy applies to all Clutch employees and contractors, and also applies to any Clutch or third-party systems which store or otherwise process personal data in our capacity as data processor.

In particular, the company will:

a) Process personal data only on the instructions of our customers, who act as Data Controllers under the GDPR.

b) Ensure our employees are adequately trained in data protection, and committed to maintaining confidentiality.

c) Maintain processes and assist our customers in responding to requests by data subjects to exercise their rights under GDPR.

d) Adopt appropriate technical and organizational security measures to protect the confidentiality, integrity and availability of the personal data we collect, store and transfer on behalf of our customers. 

e) Ensure that all breaches of information security are reported internally and investigated. We will notify any customer whose end user data has been affected, without delay.

f) Adopt a privacy by design and default approach to systems and product development and project management, assisting our customers in carrying out Data Protection Impact Assessments as required to protect the privacy rights of customers and employees.

g) Not further transfer personal data to any data processor outside the European Economic Area, without ensuring appropriate safeguards are in place to protect the privacy of individuals.

h) Make information available to our customers to demonstrate compliance with these obligations.

Version History

REVISION  DATE        APPROVER          DESCRIPTION
0.1       10/14/2019  Sang Venkatraman  Initial draft
0.2       10/28/2019  Mark Ogden        Revision to focus on data processor obligations under Art. 28 GDPR
1.0       10/31/2019  Sang Venkatraman  Final version