How is NiceSenser working towards GDPR compliance?
NiceSenser is already fulfilling its responsibilities as a data processor and data controller. We have established a solid base of certified security and privacy controls, and we will continue to improve our products.
Ensuring Strong Security and Privacy Compliance
How We Safeguard Your DataWe use hosting platforms in Western Europe, the US and Canada and provide 4 security levels:
- All information is hosted on servers in certified data centers.
2. Access security
- Data transfer via the SSL secure protocol (HTTPS secure protocol).
- Certificated by Comodo, one of the leading certification centers.
- All transmitted data is encrypted with a 128-bit key like in major banks or payment systems.
3. Network security
- Switches and firewalls at each level to provide additional security.
- Data transmission between hosts via SSL connections.
- Permanent monitoring of network security.
4. Personal Account security
- Flexible setup of access rights by roles.
- Setup of access to various functions: view contacts, download contacts, create messages, send email and sms.
- Sending via API without uploading the client email database into NiceSenser.
Privacy by Design
At NiceSenser, we have a proactive approach to product development called "privacy by design" that aims to help you responsibly harness the power of data.
We have updated our agreements with customers and vendors to align with the requirements of GDPR.
To ensure everyone in our company is informed about GDPR, we have established a GDPR group consisting of representatives from all departments and conducted awareness campaigns for all employees.
Product and Process Innovation
We continuously listen to our customers and seek ways to simplify and automate our product and service offerings to better meet their GDPR needs. We have also established the office of Data Protection Officer to ensure compliance with GDPR and maintain the highest standards of security and privacy for consumers.
We have implemented procedures to promptly detect, report, and investigate any personal data breaches. All employees are aware of their responsibilities in the event of a data breach.
To uphold the level of data protection mandated by GDPR, the transfer of personal data to countries outside the EEA is restricted. This applies when transmitting, sending, viewing, or accessing such data in a different country.
We will only transfer Personal Data outside the EEA if any of the following conditions are met:
- The European Commission has confirmed that the country we transfer the Personal Data to ensures an adequate level of protection for the rights and freedoms of the Data Subjects.
- We have implemented appropriate safeguards such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct, or a certification mechanism. A copy of these safeguards can be obtained from the DPO.
- The Data Subject has given explicit consent to the proposed transfer after being informed of any potential risks.
- The transfer is necessary for other reasons stated in the GDPR, such as the performance of a contract between us and the Data Subject, reasons of public interest, to establish, exercise, or defend legal claims, or to protect the vital interests of the Data Subject when they are physically or legally incapable of giving consent. In some limited cases, it may also be for our legitimate interest.