PRIVACY LAWS DATA PROTECTION

Vervantis Inc. is a US Corporation and complies with all state legislation on consumer privacy and data protection. As a provider of services in Europe, we also comply with GDPR requirements.

Vervantis does not share or sell data and is committed to the protection of both its own and its customer’s data. This commitment has led to a significant investment in obtaining and maintaining data security compliance (SOC 2), ensuring our systems, staff, and protocols are tested and updated regularly. Vervantis has a dedicated internal team made up of cross-functional stakeholders overseeing our ongoing compliance efforts, which include:

The California Consumer Privacy Act (CCPA) enacted in 2018 taking effect on January 1, 2020.

The EU General Data Protection Regulation (GDPR), which replaced the existing 1995 EU Data Protection Directive (European Directive 95/46/EC), was enacted in May 2018.

As each state reviews and legislates on consumer data protection, Vervantis internal team will ensure our organization is in compliance and our customers are protected.

ASSESSMENT

Vervantis has reviewed where and how our relevant services collect, use, store, and dispose of personal data and have updated policies, standards, governance, and documentation where needed. Vervantis is dedicated to keeping such due diligence current and carrying out re-assessments periodically and as required by changed circumstances.

CONTRACTUAL COMMITMENTS

Vervantis has reviewed its existing contracts to ensure data privacy compliance and will continue to conduct due diligence.

CROSS-BORDER DATA TRANSFER

Vervantis’ contractual commitments meet the requirements to legally transfer data from the EU to the rest of the world under applicable law.

EMPLOYEE TRAINING AND AWARENESS

All Vervantis employees complete data privacy and security training. Vervantis has supplemented existing training modules with the specific US and European privacy content. In addition to these training requirements, Vervantis conducts ongoing awareness initiatives on a variety of topics, including data protection, security, and privacy.

VERVANTIS PARTNERS AND CUSTOMERS

Compliance with the various privacy laws requires a partnership between Vervantis, our customers, and our vendors in their use of or access to our services and solutions. In this context, Vervantis generally will act as a data processor, and our partners and customers generally will operate as data controllers. Working together, we hope to explore opportunities within our relevant service offerings to assist our partners and customers in meeting their data privacy obligations. In the meantime, Vervantis encourages partners and customers to independently familiarize themselves with the privacy laws of both their states and the GDPR.