Close is prepared and compliant
Close has implemented processes and procedures to ensure we meet both our Data Controller and Data Processor obligations under the European Union’s (EU) General Data Protection Regulation (GDPR).
To determine our readiness for GDPR, Close conducted a risk-based gap analysis of current capabilities and validated the assessment with an independent, third-party, GDPR expert. Our gap analysis, Cybersecurity Policy, Acceptable Use Policy, and Incident Response Policy are all available upon request.
It's important to note: GDPR does not have an accredited certification method, which means there is no GDPR-approved way to demonstrate compliance. If you have questions regarding our compliance please reach out to firstname.lastname@example.org and our Chief Cybersecurity Officer (CCO) or independent Data Privacy Officer (DPO) will gladly answer any questions you may have.
Close provides Data Processing Agreements to any customer who may need them. Included in the Data Processing Agreement are standard contractual clauses for data transfer to third-party countries. These clauses ensure our customers can transfer data to countries outside of the European Economic Area (EEA) in order to be able to use the Close platform. Furthermore, Close has Data Processing Agreements in place with all sub-processors where required by law.
We believe security and privacy are a shared responsibility between vendor and customer. Close is committed to helping you successfully meet your GDPR privacy requirements. It is important to understand your obligations related to the GDPR regardless of where your organization resides.