YOUR SECURITY IS VERY IMPORTANT and we take it very seriously.
We offer our customers a very secure online experience. Our system uses multiple layers of protection and multiple authentication factors to keep your data safe.
Our Commitment to You and the Protection of Your Data
We’re committed to partnering with Phoenix customers and users to help them understand and prepare for the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades, and went into effect on May 25, 2018.
Besides strengthening and standardizing user data privacy across the EU nations, it will require new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located. On this page, we’ll explain our methods and plans to achieve GDPR compliance, both for ourselves and for our customers.
Preparing for the GDPR
The GDPR’s updated requirements are significant and our team is working diligently to bring Phoenix products and contractual commitments in line so customers can prepare themselves. Measures to achieve this include:
Continuing to invest in our security infrastructure
Making sure we have the appropriate contractual terms in place
Ensuring we can continue to support international data transfers by maintaining our Privacy Shield self-certifications, and by executing Standard Contractual Clauses through our updated Data Processing Addendum
Product offerings that include new tools for data portability and data management
We’ll also continue to monitor the guidance around GDPR compliance from privacy-related regulatory bodies, and will adjust our plans accordingly if it changes. We’ll provide you with regular updates along the way so that you’re always current.
Our Security Infrastructure and Certifications
International Data Transfers: Privacy Shield and Contractual Terms
To comply with E.U. data protection laws around international data transfer mechanisms, we self-certify under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
In addition, we offer European Union Model Clauses, also known as Standard Contractual Clauses, to meet adequacy and security requirements for our customers who operate in the E.U.
Data Portability Solutions and Data Management Tools
Customers have requested tools to help them comply with the GDPR. And we’re happy to say that we’ve provided open access to all data held by us in structured form. As a pre-requisite, it should be noted that unlike other cloud apps – Phoenix specifically holds structured data. This means that the specific type of data you would like to export needs to be identified, and then we enable you to push/pull data via specific, documented endpoints.
Any Customer can request permanent deletion of all their data inside the Phoenix application. When logged in to Phoenix application, visit the billing section of your account – where you will find a link to a form that enables you to request deletion of your entire organization and all associated data. Please contact us if you have any queries around GDPR and our compliance to it.