Your Privacy Law Compliance Obligations
Introduction
At Aeris Communications, our relationships with our customers (‘you/your’) are built on transparency and mutual trust, and we prioritize your privacy and security compliance obligations (‘compliance obligations’).
Accordingly, Aeris is acutely aware of your privacy compliance obligations connected with you either acquiring and/or continued use of Aeris products and services.
We have prepared this document to explain how we can help you satisfy your obligations in the context of ‘buying’ and/or continuing to use Aeris products.
We’re here to help with your privacy issues
We recognize that your supplier engagement obligations may be complex and time-consuming to manage, so we have attempted to simplify the process for you in the following ways.
We make it easy for you to understand how we access and process your end-user data.
We recognize that you are obligated to conduct due diligence on the processing activities we undertake on your end users’ personal data for the purposes of providing our services.
Accordingly, we are happy to help explain our processing activities via our ‘follow-the-sun’ service delivery model.
Please contact dpo@aeris.net if you require assistance.
We provide Transfer Impact Risk Assessments upon request
We recognize that you are obligated to assess the risk of foreign government access to personal data that we process.
Broadly speaking, our ‘follow-the-sun’ support model is operated via:
- Internal hubs based in the U.S., Romania and India; and
- Sub-Processors predominantly based in the U.S.
Note: Sub-Processors are suppliers who may access your end user’s personal data (for example metadata and/or other identifiers) for the purposes of service delivery. Other service support suppliers that do not access your end users’ data may be classified as Sub-Contractors (rather than Sub-Processors).
Accordingly, we also have readily available Transfer Impact Assessments that we are happy to share upon request. These documents:
In the event of receiving a data access request, Aeris will raise all appropriate and available challenges relating to:
- any obligation to produce information, and
- any non-disclosure obligation regarding the existence or substance of the request.
In doing so, Aeris will always comply with all relevant legal obligations.
Please contact dpo@aeris.net if you require further information on Aeris sub-processors and/or require access to Transfer Impact Assessments.
We provide you with privacy law-compliant data processor terms
We recognize that you are obligated to impose specific data processing terms on us.
Accordingly, we provide you with global data processing terms that fit around our products and ensure that you comply with your contracting obligations.
Aeris’s data processing terms incorporate EU Standard Contractual Clauses and the UK Addendum.
We also have data transfer agreements in place between Aeris Group companies, that incorporate EU Standard Contractual Clauses.
Please contact dpo@aeris.net if you require further information on Aeris data processing terms.