Direct Connect takes the privacy and data protection of our clients extremely seriously. We are happy to confirm that we are compliant with the General Data Protection Regulation (‘GDPR’) in respect of data which we act as data controller and/or data processor for you and which is transferred out of the EU by us to our servers in Singapore, the US and Australia.
How we comply with GDPR
GDPR provides that data may be transferred outside of the EU where:
- there is an adequacy decision (Article 45); or
- appropriate safeguards have been put in place (Article 46); or
- a derogation applies (Article 49).
The jurisdictions in which we process your data are not currently subject to an adequacy decision by the European Commission. We confirm that we have put in place appropriate technological and organisational safeguards, in addition to robust contracts with our 3rd party suppliers in order to protect your data. However, reliance on Article 46 also requires the use of complex standard contractual clauses drafted by the European Commission and/or the nominated supervisory authority (the UK Information Commissioners Office (‘ICO’)) and/or gaining consent to contractual clauses by the ICO. This process is difficult, a long backlog exists and it is estimated by the ICO that applications may take well over a year to process and approve.
Given the nature of our company and the services we provide, we have elected to use one or more of the derogations present in Article 49 for our clients, namely:
- that the transfer is necessary for the performance of our contract with you; and
- that you have given informed consent to the transfer.
We have used the services of an independent GDPR Advisory Firm in order to ensure that we have fully complied with our legal obligations under the GDPR and that we have in place all legal policies and procedures required in order to safeguard your privacy. Our IT team are highly experienced and our cyber security precautions mean that your data is processed securely with the utmost respect for your confidentiality, using the same specifications and high data protection standards found in Europe. We can provide further details of our technological and organisational safeguards on request.
If you have any questions please contact us via email and we will be happy to assist.