GDPR in CCT
CCT might conduct processing of personal data for our clients. Our clients are data controllers and are responsible for how the data is processed in any given activity.
CCT has implementet technical and organisational measures according to the GDPR requirements to protect personal data from disclosure, removal or modification.
We have proactive measures in place to ensure compliance through passwords, encryption, backups and impact assessments. Security is a serious and important issue to us and our Information Security Management System (ISMS) is ISO 27001 certified.
This means that we have internal processes in place to handle security proactively and that we also are required to get regular external audits on our ISMS.
Right to be forgotten
|Service||Type of processing||Optional||Region||Reference|
|Amazon Web Services (AWS)||Primary cloud services provider. Used for storing and processing PII data||No||EU (Ireland, Germany, Sweden)||View reference|
|Google Cloud Platform (GCP)||Secondary cloud services provider.||No||EU (Finland, Germany, Netherlands)||View reference|
|Sendgrid||Transactional email service. Used to send all emails for our service, and as such it processes names and/or emails addresses.||No||US (SCC)||View reference|