CMiC is committed to ensuring our customers’ ability to meet their requirements under the E.U. General Data Protection Regulation (“GDPR”).
If you collect the personal data of data subjects in the European Union, you are likely a data controller and/or data processor under GDPR and if you use certain CMiC products or services, we may act as a data processor or data sub-processor under GDPR in relation to your role as data controller or data processor.
While we expect our customers to ensure their compliance with GDPR, including obtaining all rights and consents necessary to allow us to lawfully process personal data provided by our customers to us, CMiC is committed to abiding by our obligations as a data processor or data sub-processor under GDPR and to helping ensure that you meet your obligations as data controllers and/or data processors under GDPR. This includes ensuring that, where applicable, our application functionality will help you meet data subject requests related to access, correction, deletion and portability of personal data.
If you have any questions or believe you have a GDPR-related request from a data subject that requires our assistance, please e-mail us at firstname.lastname@example.org.
SOC 2 and SOC 3
SOC 2, which stands for System and Organization Controls 2, is a framework for Information Security that is developed by the American Institute of Certified Public Accountants (AICPA). The framework specifies how organizations should protect customer data from unauthorized access, security incidents and other vulnerabilities and are based on five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
SOC 2: Compliance
At CMiC, we strive to demonstrate compliance with effective Information Security standards and protect customer data. To this end, we perform yearly audits to assess our adherence to the SOC2 security framework.