This document is designed to help Intrro customers and users understand, and where applicable, comply with the General Data Protection Regulation (“GDPR”). The GDPR is the most significant change to European data privacy legislation in the last 20 years and went into effect on May 15, 2018.
GDPR is designed to give European Union (“EU”) citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.
Intrro has made information security and data privacy foundational principles of everything we do, and we recognize the importance of adhering to regulations to advance information security and data privacy for citizens of the EU.
We are fully GDPR compliant and follow GDPR principles, including explicit consent, purpose limitation, security, the right to be forgotten, and more.
Intrro self-attests for GDPR compliance using Vanta and we're happy to share trust reports on request, with any customer or prospect who may potentially be interested in using Intrro.
We appreciate that our customers have requirements under the GDPR that are directly impacted by their use of our services. Below are several GDPR initiatives that have been implemented across our services.
GDPR strengthens rights of data subjects in many ways by including rights to request access to, correct, restrict, object, and/or erase personal data processed about them. Intrro has put a process in place to support data subject access requests that we receive which will assist our clients with compliance in supporting the right to object, and the rights of access, rectification and erasure.
GDPR implements new notification requirements on both controllers and processors for data breaches that lead to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data. While Intrro has a comprehensive Incident Response Policy in place already, we have updated this Policy to align with the new notification requirements which will ensure that we can update our clients without undue delay, to further allow our clients to meet their obligations under GDPR in the unlikely event of a personal data breach.
Can my organization request to modify the DPA?
We are unable to accept modifications to our DPA.
Have you adopted the new Standard Contractual Clauses?
Yes. In light of the new Standard Contractual Clauses adopted and approved by the European Commission, we have updated out DPA to incorporate the SCCs. You can learn more at New SCCs & the GDPR.