Security and GDPR
Our commitment to data privacy
Basebear takes data protection very seriously and is committed to keeping customers' personal information safe and compliant with the General Data Protection Regulation (GDPR). The regulation makes significant changes to European data privacy legislation, is designed to give EU citizens greater control over their data and seeks to unify a number of existing privacy and security laws into one comprehensive law. Our clients can be assured that we have made GDPR a priority and have dedicated all the necessary resources to comply with it.
Here are some examples of the activities we have carried out and continue to carry out:
- Updated privacy policy published.
- We have updated our internal data management and storage policies, especially for data backups, and ensured that all data is encrypted (Encryption at Rest).
- We use an encrypted communication system between your computer and our servers and vice versa, which means that no one is able to read your data (Encryption in Transit).
- All data is replicated on multiple disks, stored in multiple locations and backed up daily. All servers use modern techniques to remove possible slowdowns and points of failure.
- The software infrastructure in all its layers is always up to date with the latest patches and protected by dedicated firewalls.
- We conducted data protection impact assessments (DPIA). Based on the results, we put in place appropriate controls on data processing and management.
- We review and update all our internal tools and dashboards and ensure that the information displayed is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
- We have also appointed a Data Protection Officer (DPO).
- We have checked all sub-processors that handle our customers' personal data to ensure they meet the security and privacy standards under the GDPR.
- We have cleaned up our databases to ensure that we have only the most recent and accurate information. This cleaning process includes the removal of closed and dormant accounts according to our Terms of Service.
- We have reviewed our data export options to ensure that the account owner can export all data in a structured, commonly used and machine-readable format at any time.