GDPR Compliance Assurance: Statement for Our Customers

Purpose of this Statement

Invisible is committed to compliance with the General Data Protection Regulation (GDPR), which will go into effect May 25, 2018 and will be one of the strictest pieces of privacy legislation globally. Since GDPR was announced, we’ve been tightening up our policies and procedures to make sure we meet these requirements, and, as a final step, we are launching new online terms to address our obligations to you. The GDPR applies to all organisations established in the EEA but also to organisations established outside the EEA, when their processing activities relate to the offering of goods and services to individuals in the EEA or to the monitoring of individuals’ behaviour within the EEA. The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law. Our customers can trust that Invisible has made GDPR a priority and has devoted significant and strategic resources toward our efforts to comply with GDPR. Invisible believes that privacy is a very important right for citizens and wishes to assure all the company’s customers that we are working hard on ensuring compliance in all areas of our business. When this statement mentions “Invisible,” “we,” “us,” or “our,” it refers to “Avora Holdings LTD.”

Within this statement we wanted to highlight to our customers the measures we have put in place to ensure compliance with the GDPR where we hold or process personal data on your behalf.

What Invisible is doing

Like many other global software companies, Invisible is in the process of rolling out its company-wide GDPR compliance strategy leading up to May 2018 and beyond. Invisible appreciates that our customers have requirements under GDPR that are directly impacted by their use of Invisible products and services, and Invisible is committed to helping our customers fulfill their requirements under GDPR and local law.

We strive to build privacy into everything we do. We apply privacy guidelines and practices to protect all personal information, including controlling how we use and safeguard the data we collect from our customers, users and through our products and services. You can also review our Privacy Statement, available at Privacy Policy. We will never share your personal data with unaffiliated third parties for their own marketing uses without your explicit consent.

Invisible initiatives

Below are a few examples of initiatives Invisible has committed to in order to comply with GDPR requirements that apply to both Invisible and our customers:

  • Ensuring our products are designed in accordance with ISO27001, ISO27002 and ISO27018 standards. These standards mirror many of the security and privacy requirements of GDPR and will help give our customers a transparent framework to measure our software development and data management practices.
  • Committing to follow any additional security and privacy measures required under GDPR.
  • Where we are transferring data outside of the EU, committing to appropriate data transfer mechanisms as required by GDPR. This includes our current adherence to the Privacy Shield standard.
  • Assisting with respect to security and privacy of processing, notifying regulators of breaches, and promptly communicating any breaches to customers and users.
  • Assisting with data processing security and privacy requirements, notifying regulators of personal data breaches and promptly communicating any such breaches to our customers and end-users.
  • Ensuring Invisible staff that access and process Invisible customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
  • Holding any vendors that handle personal data to the same data management, security, and privacy practices and standards to which we hold ourselves.
  • Committing to carrying out data impact assessments and consulting with EU regulators where appropriate.

Where does Invisible send my data?

Our goal is to provide our customers with secure, fast, and reliable services. We run our services with common operational practices and features across multiple jurisdictions. Today, Invisible hosts compute resources in the Microsoft Azure data centers located in the EU and in the US. Invisible personnel may need access to data stored in the EU from a non-EU country (e.g., US) for technical and support related reasons.

Our primary principles

Invisible is 100% committed to our customers’ success and the protection of customer data, which is why our customers can count on our commitment to GDPR compliance.

  • You own your data, and we’re committed to protecting your privacy.
  • Our customer-focused culture ensures that security is a top priority.
  • We strive to adhere to widely accepted standards and regulations to keep you at ease.
  • We are transparent with our policies to help you understand how we manage your data.

Validating our Practices

Independent third-party audits

  • We use independent third parties to audit our practices against the most sought-after standards and regulations in the world. These reviews occur on a regular basis and are conducted by globally-respected audit and security firms that are independent and thorough in their evaluations. We take their reports seriously and have processes in place to address any issues that present risks to us or our customers.

External and internal application security testing

  • Our security team performs automated and manual application security testing and network vulnerability testing on an on-going basis to identify and patch potential security vulnerabilities and bugs on our desktop, web, and mobile applications. We also work with third-party security specialists, as well as other industry security research community members.

Continuous Improvement

  • A critical part of any information security management program is the continual improvement of security and compliance programs, systems, and controls. Invisible is committed to soliciting feedback from different internal teams, customers, internal and external auditors, and improving our security, privacy and compliance processes and controls over time.

Protecting your privacy

We believe you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. As part of our ongoing commitment to transparency, and in preparation for new data protection laws that take effect May 25, 2018, we’re updating our Privacy Policy to empower you to make the best decisions about the information that you share with us.

This policy is intended to help you understand:

  • What information we collect about you
  • How we use information we collect
  • How we share information we collect
  • How we store and secure information we collect
  • How to access and control your information
  • Other important privacy information

Invisible is committed to responding to reasonable requests to review any of your Personal Information we may have and to amend, correct, or delete any inaccuracies. To have your information amended, corrected, or deleted, or if you have any questions that weren’t answered in this Data Privacy Policy, you can contact us:

Avora Holdings LTD.
650 Castro St,
Suite 120/385
Mountain View, CA 94041
E-Mail: [email protected]