GDPR in CCT
CCT might conduct processing of personal data for our clients. Our clients are data controllers and are responsible for how the data is processed in any given activity.
CCT has implementet technical and organisational measures according to the GDPR requirements to protect personal data from disclosure, removal or modification.
We have proactive measures in place to ensure compliance through passwords, encryption, backups and impact assessments. Security is a serious and important issue to us and our Information Security Management System (ISMS) is ISO 27001 certified.
This means that we have internal processes in place to handle security proactively and that we also are required to get regular external audits on our ISMS.
Right to be forgotten
GDPR gives everyone the right to demand full disclosure of the their personal data from a business at any time, and that this data can be deleted on request. The process for this is outlined in our privacy policy.
Subprocessors
Service | Type of processing | Optional | Region | Reference |
Amazon Web Services (AWS) | Primary cloud services provider. Used for storing and processing PII data | No | EU (Ireland, Germany, Sweden) | View reference |
Google Cloud Platform (GCP) | Secondary cloud services provider. | No | EU (Finland, Germany, Netherlands) | View reference |
Twilio Sendgrid | Transactional email service. Used to send all emails for our service, and as such it processes names and/or emails addresses. | No | US (SCC) | View reference |