We process and enrich personal or organisational data submitted via API or files. ADSuisse refines and supplements it with additional, valuable information, by employing a few simple procedures.
Our data storage facilities are located in Basel, Switzerland, which is famous for its higher security standards for storing and protecting all kind of personal and corporate data. We count on certified data centers with zero tolerance to possible security gaps. All personal data is encrypted and protected against leakages. What is more, data is never transferred out of Switzerland or the European Union.
We are GDPR compliant. Our processes and procedures strictly follow the rules for data processing, defined in our data protection policy. We accept data only if there is a consent for it, process it for a limited period of time and then forget it (or anonymize it). We also provide the option for customers to export data and exercise their full rights according to the GDPR (please contact us here). We are also maintaining various registers required for compliance. For a full list of measures or more information about how we handle individual data please contact us on email@example.com
ADSuisse has a data protection officer (DPO) which is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. His main responsibilities are to educate the company and employees on important compliance requirements, train staff involved in data processing, conducting audits to ensure compliance and address potential issues proactively, serving as a SPoC between the company and GDPR Supervisory Authorities, monitoring performance and providing advice on the impact of data protection efforts, interfacing with data subjects to inform them about how their data is being used, their rights to have their personal data erased, and what measures the company has put in place to protect their personal information. Our DPO officer is a reputable lawyer company. Please contact us for more information.
Data can only be retained for as long as necessary for the purpose for which it was obtained. ADSuisse has determined to keep data sent by customers only for the time of processing or according to the agreement with customers before it is anonymized or deleted. Sometimes we keep pieces of data to improve our AI and machine learning algorithms, but its 100% anonymized.
We are maintaining extremely high standards of office security. From the physical protection of our assets to procedures that every employee must follow. Some of the measures we have taken to prevent security issues and reduce threats are: • we are monitoring/surveilling every single access to physical (workspace) or digital assets; • we strictly limit employee access to data, depending on the job role; • we employ firm procedures for securing desktop and laptop computers, password generation and access to resources; • home office is strictly prohibited as it increases risk (no matter that all connections are encrypted); • holding/printing personal data on paper is absolutely forbidden; • data exports can be executed only after GDPR board approval and only on limited amount of data; • our employees work on Unix based machines to limit possible virus threads;
Employees who handle personal data of other employees or customers receive regular training in order to ensure that they handle it in accordance with GDPR. The company keeps training register and provides update and refresher training. In addition to that teaching employees about safe online habits and proactive defense is crucial. Training aims to make our employees understand how important company's data is, and all the measures they can take to protect it.
In some cases, ADSuisse uses a sub-processing subsidiary, located in Bulgaria (eAssist). However, sub-processors remain fully liable to the controller for the performance of the sub-processors obligations. Any contractual relations with sub processors include the subject-matter and duration of the processing of personal data; the nature and purpose of the processing; the obligations of security, warning, and alert towards the controller. In the name of transparency, all customers are informed when subprocessor is used to processing their data.