The EU General Data Protection Regulation (GDPR) is now in effect, and Yva is here to support you in meeting its requirements.
What Is GDPR?
GDPR is setting a new standard for how organizations collect, use, and protect the personal information of individuals domiciled in an EEA country. With the growing concern for data safety, this law is designed to restore the confidence of the public.
GDPR Implications For Your Organization
Whether or not your organization is based in the EEA, all businesses that control or process personal information of individuals domiciled in an EEA country have to do so in accordance with the GDPR requirements.
As an employer, this means that you are responsible for ensuring that the personal information of your EEA-domiciled employees is processed in accordance with the GDPR requirements.
Because of this, you are also responsible for ensuring that any service providers that you use will process the personal information of your EEA-domiciled employees in accordance with the GDPR requirements.
Yva's GDPR Compliance
Yva is committed to ensuring its GDPR compliance.
Here are some of the measures that Yva has put in place:
Yva has prepared a Data Processing Addendum that contains the GDPR contractual requirements. Where applicable, this Data Processing Addendum is incorporated into our Yva Terms of Service for Cloud Services, available at https://yva.ai/terms.
Our contractual commitments relevant to GDPR are that:
- Yva will be transparent and never use your employees' personal information other than as instructed by you,
- Yva will maintain appropriate technical and organizational security measures to protect your employees' personal information,
- Yva will assist you with requests from your employees regarding their personal information that is processed using Yva Cloud Services in line with GDPR requirements.
2. Yva Continues To Improve Its Security Infrastructures
Yva is committed to maintaining appropriate technical and organizational security measures to protect your employees' personal information that is processed using Yva Cloud Services in line with the GDPR requirements.
Our commitments to maintaining our security measures are as follows:
- Yva Cloud Services staging and production environments are hosted in Microsoft Azure. MS Azure infrastructure meets a broad set of international and industry-specific compliance standards. Detailed information can be found at https://docs.microsoft.com/en-us/azure/security/az...
- Customers can authenticate via their platforms of choice (GSuite or Office365), or can use passwordless email authentication, and never set a service-specific password.
- Yva encrypts all communication between you and Yva's applications using industry-standard SSL/TLS encryption.
- Yva Cloud Services encrypts all data at rest using 256-bit encryption via native MS Azure capabilities.
- Yva Cloud Services servers are protected by high-end Azure firewall systems.
- Yva's employees and personnel have committed themselves to confidentiality or are under appropriate statutory obligations of confidentiality, and are granted access to systems that hold your data on a "need-to-know" basis (i.e., if required to perform their job). Employees and personnel who have access to systems that hold your data are required to use strong passwords and multi-factor authentication.
- Yva has measures in place to ensure the ongoing confidentiality, integrity, availability, and resilience of Yva Cloud Services processing systems and services.
- Yva can restore the availability of and access to your employees' personal information that is processed using Yva Cloud Services in a timely manner in the event of a physical or technical incident.
- Yva is putting in place a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures to ensure the security of your employees' personal information processed by Yva Cloud Services.
Yva Self-Hosted Solutions that are installed in your environment do not transfer any data to us. Without an agreement between you and Yva, it isn't possible for us to have any access to customer data that is processed using our on-premise solution. The Yva on-premise solution operates in a completely isolated network environment. In such a case, any updates and maintenance are fully controlled by you.
GDPR does not require personal information of EEA-domiciled individuals to be stored in the EEA exclusively. GDPR does, however, require transfers of EEA-domiciled individuals' personal information outside of the EEA to comply with certain international data transfer standards. Yva is and will be in compliance with the required international data transfer standards under GDPR.