All documents
Terms of service
Privacy policy
Avrio subprocessors
Cookie information
Acceptable use policy
Responsible Disclosure
GDPR commitment
PCI compliance
Data processing agreement
Non-disclosure agreement
Legal overview

Our GDPR commitment

Effective date: February 15, 2021

We’re committed to helping Avrio customers and users understand, and where applicable, comply with the General Data Protection Regulation (GDPR). The GDPR is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union and went into effect on May 25, 2018.

The GDPR’s updated requirements are significant and our team has built Avrio’s security, privacy, operations, and contractual commitments with GDPR in mind from day one.

Below are the key pillars that make up our commitment to you in fulfilling and in some cases exceeding the requirements of the GDPR to ensure the safety and privacy of your data.

Security

We believe we don’t just have a responsibility to give our users and customers the tools they need to conduct and share research—we also have the responsibility to offer tools and methods to safeguard data so that trust between can be assured and maintained.

We use a third-party, top-tier datacenter that maintains several industry-recognised certifications, and we have processes and audits in place to systematically help ensure the safe and secure use of our service for everyone.

Read more about our security practices.

International data transfers

The GDPR requires organizations to use a recognized legal mechanism to transfer data from the EU to other countries that do not have a similar data protection framework.

We offer EU Model Contractual Clauses as a part our Data Processing Agreement (“DPA”) that can be signed directly through Docusign from our site helping ensure that you can safely transfer data to our services.

Data location and portability

We maintain a list all of all our third party Data subprocessors and share information on what we use them for and where they are located. We always set the default region within the EU wherever possible helping ensure that you can safely transfer data to our services.

We also help you honor your customers’ ‘right to be forgotten’. You may request the deletion of personal data from Avrio by sending an email to legal@avrio.com at any time.

Data exports are also available by sending an email to the same address.

Other commitments

Below are several other GDPR initiatives that have been implemented within Avrio:

  • We have ensured Avrio team members that access and process Avrio customer personal data have been limited to the absolute minimum and have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
  • We are committed to carrying out data impact assessments upon request.
  • We will promptly communicate any breaches to customers and users and assist with notifying regulators where applicable.

Contact us

If you have any further questions, please email us at legal@avrio.com.