GDPR Regulatory Compliance

Dedication to your data privacy

Our unwavering commitment to safeguarding your personal data is at the core of our values. We prioritize the success of our customers while ensuring the utmost protection of their data. As part of this pledge, we are committed to assure you understand you rights under the General Data Protection Regulation (GDPR) with regards to your personal data processed by Panaya. One way that we deliver on this promise is by providing you with the following information.

The GDPR is crafted to empower EU citizens with heightened control over their data, aiming to harmonize various privacy and security laws under a singular, all-encompassing regulation within the EU. Its scope extends beyond organizations within the EU, encompassing all companies that handle the personal data of individuals residing in the European Union, regardless of the companies’ geographic location (referred to as the extraterritoriality scope).

Below is a detailed explanation of the necessary steps we took to comply with the GDPR and protect your personal data.

At a glance –

• Disclosures and Policies Update: We have revamped the structure and language of all our disclosures and policies to provide clearer description on the information we collect, its purpose, recipients, your rights, and more. In our Privacy Policy, we share what information we collect, how we use and store that data, and how you can access and control your information. Specific disclosures are provided to our job applicants who apply for an open position with Panaya, as detailed in our Job Candidates Privacy Notice.
• Security Investment: We have significantly enhanced our commitment to security by implementing additional measures to strengthened the security of your data – such as enhanced auditing and logging, the introduction of new internal security policies, comprehensive staff security training, strengthened password and secret management, and more all in accordance with Panaya SOC2 certificate.
• Employee Training: Our team undergoes rigorous training in handling customer data and personal information, ensuring the utmost confidentiality and security.
• Data Processing Agreement: If and to the extent applicable, we support the EU’s Standard Contractual Clauses through a Data Processing Agreement.
• EU Data Storage Option: We provide our customers a choice for EU data storage.
• EU Representative: We have appointed our subsidiary – Panaya Germany GmbH as our privacy representative and our EU customers’ point of contact. Panaya Germany gives you an easy way to exercise your privacy-related rights as detailed here.

Our security commitment

We recognize that we are entrusted with data which our customers find valuable, which is why we have built security into every layer of our architecture, pursuing a ‘privacy by design’ approach to the design and development of our services.

Our application is built on world-class, modern cloud infrastructure designed to ensure the safety of your data. We have carefully chosen proven third-party cloud providers that have a great security track record, and we employ best practices, including regular backups, data encryption, sanitized logging, and common attack prevention.

SOC2 certification and audits:

Panaya is SOC2 certifies, which affirms the controls in place related to security, availability, confidentiality and privacy of our services. To that extent, Panaya uses an independent third party to perform annual SOC 2 audits that review applicable internal controls and processes. The audits cover internal governance, production operations, change management, data backups, and software development processes.  They evaluate that we have the appropriate controls and processes in place and that they are actively functioning appropriately in accordance with related standards.

International data transfers

Within our Data Processing Agreement, we provide customers with a resilient international data transfer framework. This supplementary agreement guarantees the lawful transfer of personal data to our services outside the European Economic Area, relying on the efficacy of the Standard Contractual Clauses. Additionally, our Data Processing Agreement incorporates specific provisions designed to support customers in meeting their GDPR compliance obligations.

Data subjects’ rights

Our customers’ and users’ privacy rights are a core value at Panaya. As mandated by the GDPR individuals are allowed to exercise their right by simply submitting our Data Subject Request form (“DSR”) to [email protected]. Note, however, several rights can be exercised independently by you without having to submit the DSR, all as detailed therein.

Please note for our website visitors, we surface consents for cookies and marketing messages to provide clarity and control at points of collection. Our internal processes centralize consents to ensure we’re consistently honoring your choices across our product suite.