Aviso’s Commitment to GDPR
We have completed the internal self-assessment and compliance review as applicable to the GDPR regulation and implemented new controls around data privacy and protection.
We remain committed to protecting personal data in compliance with the highest standards of privacy and security.
What is GDPR?
The General Data Protection Regulation, better known as GDPR, is a new privacy regulation in the EU that went into effect on May 25, 2018. GDPR standardizes data protection law across all EU countries and imposes new rules on controlling and processing Personally Identifiable Information (PII).
Who is affected?
The GDPR is a significant change in the data privacy landscape in the EU and clearly allocates the responsibility between the data controller (Aviso’s customers and partners) and the data processor (Aviso, Inc.) with respect to the processing of personal data. Under the GDPR, both the data controller and data processor have additional duties and obligations to protect personal data, and both face liability for any failures to comply with the GDPR requirements.
GDPR Principles and Aviso
Lawfulness, Fairness and Transparency
Aviso processes data as needed for our customers for the purposes explicitly laid out in our customer engagements.
Our privacy policy describes the data that we capture and how such information is used.
Purpose Limitations
We will only collect data for the purposes of sales, analytics and optimization in accordance with our privacy policy. We will not use personal data for any other purpose.
Data Minimization
We will only collect the adequate, relevant and limited amount of data required to perform our service.
Accuracy
Aviso supports the data subject’s right to rectification, allowing them to ensure Aviso data is accurate either through a direct request to Aviso or to our customers.
Storage Limitations
All the data subject’s data will be deleted within a reasonable time after the termination of a customer engagement, as defined in the customer contract.
Integrity and Confidentiality
Aviso has strong measures in place to ensure that our data is secure and protected by employing frequent security scans, penetration tests, and leveraging industry standard technologies to ensure that our data is safe. All personal data will be encrypted at rest and in transit.
SOC 2: Security, Availability & Confidentiality
Aviso has successfully completed our annual SOC 2 security audit. The Aviso System and Organization Controls (SOC 2 Type II) Report provides our customers and users an independent Service Auditor’s assessment of controls at Aviso that meet the AICPA Trust Services Security, Availability, and Confidentiality Principles and Criteria.
Scope
This report is based on an independent auditor’s examination of Aviso, Inc.’s sales vision platform based on the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2), and the suitability of the design and operating effectiveness of controls described therein to meet the criteria for the security, availability, and confidentiality principles set forth in AICPA TSP Section 100, Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (applicable trust services criteria).
Control Environment
Aviso is committed to establishing and monitoring an effective control environment and managing business risks to the company and the customer data managed by Aviso. Aviso’s management takes its organizational structure and responsibilities seriously and takes an active role in the governance of Company controls.
Management believes that a robust control environment is needed at all Company levels and maintains accountability for implementing daily operations, and communicating and monitoring the internal control structure, including relevant standards, policies, and procedures. Aviso requires all personnel to exercise integrity as a standard of performance and to provide high quality service and support to customers.
Security and Monitoring
Aviso has established and maintains a formal, documented company-wide Information Security Management Program that provides management direction and support for implementing information security within the Aviso environment. The objective of the program is to maintain the confidentiality, integrity, and availability of data and assets while complying with applicable legislative, regulatory, and contractual requirements.