Falcon.io approaches the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) as important influences for clarifying requirements for data protection and as opportunities to further evolve our data protection measures.
We continue to analyze the requirements of privacy legislation and work to make enhancements to our platform, contracts, and documentation to ensure the compliance of both Falcon.io and our customers.
As Falcon.io continuously embeds privacy principles into our services and processes, we improve our data protection measures on an ongoing basis.
Our commitments to security and data protection
- Executive sponsorship & Data protection officer (DPO)
Falcon.io has established a privacy team consisting of executive and senior employees to uphold our ongoing compliance. As part of this effort, our parent company’s DPO and his specialist team monitor Falcon’s data protection practices and consult the organization on such matters on an ongoing basis.
You trust us with your data. Protecting that data, and with it your reputation, is paramount to us. From our executive leadership to our technical teams, everyone at Falcon takes the security of our product and the protection of our customers’ personal data very seriously.
- Customer compliance requirements
- We’re actively working with our customers to fully understand their privacy and data protection needs. Additionally, we’re working with our DPO and his specialist team to ensure that we are in compliance with privacy legislation such as GDPR and CCPA.
- Data Breach Reporting
- We have updated our procedures to meet GDPR timing and content requirements.
- Privacy by Design & Default
- Falcon incorporates Privacy by Design methodology into new product and service assessments that involve the processing of personal data. These principles also govern all material changes made to existing services and products.
- GDPR Agreement
- We have a revised GDPR Agreement ('DPA') available for all our customers, which codifies the obligations of the data processor and data controller as they relate to the GDPR. We aim to always provide very clear communication and language around our contractual GDPR and Data protection regulations and measures. Clarity is of the utmost importance in relation to privacy compliance to ensure correct actions are taken, for example, for incident and breach management. We always recommend working closely with your own legal counsel to determine exactly how privacy legislation affects your operations.
Documentation and trust
A clear requirement of GDPR and other privacy legislation is the ability to document compliance. Falcon decided early on to formalize its documentation requirements within the best-in-class privacy software OneTrust.
- Records of processing
- We have integrated OneTrust to manage and record all of our privacy operations.
- Data mapping
- We have completed the necessary privacy assessments to identify potential data protection gaps in our systems and processes. We have also taken the necessary steps to bring these in line.
- Data Subjects Rights
- Falcon has processes in place to ensure that each customer can receive assistance from us in relation to data subject requests such as information access, correction, objection, and erasure. You can also request information and assistance from us when you need to perform a Data Protection Impact Assessment or similar initiatives. Please reach out to our Support team for assistance in such matters.
Data protection and Privacy:
- User Audit Log
- Full GDPR compliance.
- Retention policy
- Clear, GDPR-compliant customer data retention policy.
Next to privacy compliance, Falcon also has general information security compliance initiatives in place to ensure the safety of your data. Find out more about these initiatives here.