Purpose of this Statement
Invisible is committed to compliance with the General Data Protection Regulation (GDPR), which will go into effect May 25, 2018 and will be one of the strictest pieces of privacy legislation globally. Since GDPR was announced, we’ve been tightening up our policies and procedures to make sure we meet these requirements, and, as a final step, we are launching new online terms to address our obligations to you. The GDPR applies to all organisations established in the EEA but also to organisations established outside the EEA, when their processing activities relate to the offering of goods and services to individuals in the EEA or to the monitoring of individuals' behaviour within the EEA. The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law. Our customers can trust that Invisible has made GDPR a priority and has devoted significant and strategic resources toward our efforts to comply with GDPR. Invisible believes that privacy is a very important right for citizens and wishes to assure all the company’s customers that we are working hard on ensuring compliance in all areas of our business. When this statement mentions “Invisible,” “we,” “us,” or “our,” it refers to Avora Holdings LTD.
Within this statement we wanted to highlight to our customers the measures we have put in place to ensure compliance with the GDPR where we hold or process personal data on your behalf.
What Invisible is doing
Like many other global software companies, Invisible is in the process of rolling out its company-wide GDPR compliance strategy leading up to May 2018 and beyond. Invisible appreciates that our customers have requirements under GDPR that are directly impacted by their use of Invisible products and services, and Invisible is committed to helping our customers fulfill their requirements under GDPR and local law.
Below are a few examples of initiatives Invisible has committed to in order to comply with GDPR requirements that apply to both Invisible and our customers:
- Ensuring our products are designed in accordance with ISO27001, ISO27002 and ISO27018 standards. These standards mirror many of the security and privacy requirements of GDPR and will help give our customers a transparent framework to measure our software development and data management practices. We are currently in the process of certifying our products and services for ISO and will pursue certifications as soon as possible thereafter.
- Committing to follow any additional security and privacy measures required under GDPR.
- Where we are transferring data outside of the EU, committing to appropriate data transfer mechanisms as required by GDPR. This includes our current adherence to the Privacy Shield standard.
- Assisting with respect to security and privacy of processing, notifying regulators of breaches, and promptly communicating any breaches to customers and users.
- Assisting with data processing security and privacy requirements, notifying regulators of personal data breaches and promptly communicating any such breaches to our customers and end-users.
- Ensuring Invisible staff that access and process Invisible customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
- Holding any vendors that handle personal data to the same data management, security, and privacy practices and standards to which we hold ourselves.
- Committing to carrying out data impact assessments and consulting with EU regulators where appropriate.
Where does Invisible send my data?
Our goal is to provide our customers with secure, fast, and reliable services. We run our services with common operational practices and features across multiple jurisdictions. Today, Invisible hosts compute resources in the Microsoft Azure data centers located in the EU and in the US. Invisible personnel may need access to data stored in the EU from a non-EU country (e.g., US) for technical and support-related reasons.
Our primary principles
Invisible is 100% committed to our customers' success and the protection of customer data, which is why our customers can count on our commitment to GDPR compliance.
- You own your data, and we’re committed to protecting your privacy.
- Our customer-focused culture ensures that security is a top priority.
- We strive to adhere to widely accepted standards and regulations to keep you at ease.
- We are transparent with our policies to help you understand how we manage your data.
Validating our Practices
Independent third-party audits
- We use independent third parties to audit our practices against the most sought-after standards and regulations in the world. These reviews occur on a regular basis and are conducted by globally respected audit and security firms that are independent and thorough in their evaluations. We take their reports seriously and have processes in place to address any issues that present risks to us or our customers.
External and internal application security testing
- Our security team performs automated and manual application security testing and network vulnerability testing on an ongoing basis to identify and patch potential security vulnerabilities and bugs on our desktop, web, and mobile applications. We also work with third-party security specialists, as well as other members of the industry security research community.
- A critical part of any information security management program is the continual improvement of security and compliance programs, systems, and controls. Invisible is committed to soliciting feedback from different internal teams, customers, internal and external auditors, and improving our security, privacy and compliance processes and controls over time.
Protecting your privacy
This policy is intended to help you understand:
- What information we collect about you
- How we use information we collect
- How we share information we collect
- How we store and secure information we collect
- How to access and control your information
- Other important privacy information
650 Castro St,
Mountain View, CA 94041
E-Mail: [email protected]