GDPR Compliance Grasple

As a social enterprise from the Netherlands our mission is to make knowledge openly accessible to everyone. We believe that we can only fulfill this mission if we can ensure that the data of our users is used and protected with the utmost care. Being a Dutch company we are held to the obligations of the General Data Protection Regulation (GDPR); we believe that this offers a great standard of personal data protection for our users both within and outside of the European Union. We sharply follow recommendations from data protection authorities. Here’s how we strictly adhere to these recommendations and GDPR obligations:

1. Data Minimisation Principle:

• We prioritize data minimization, collecting only the necessary information required for our services, limiting access of personnel to this data on the basis of necessity.
• Unnecessary data is not collected or retained.

2. Data Processing Agreements (DPA):

• We have established robust Data Processing Agreements with all our clients to ensure clear guidelines on data handling and protection.
• Our DPAs outline our commitment to GDPR compliance and our clients' data security.

3. Sub-processor Oversight:

• We work with third-party sub-processors to enhance our service delivery. These partners are carefully selected and held to the same GDPR standards.
• We maintain DPAs with all subprocessors, ensuring they follow GDPR regulations in handling your data.

4. Transfer Impact Assessments:

• We have conducted detailed Transfer Impact Assessments (TIAs) to evaluate and mitigate the risks associated with international data transfers.
• Copies of our TIAs are available upon request, demonstrating our commitment to data protection and transparency.

5. Security Measures:

• Our organization has implemented stringent security measures to protect your data from unauthorized access, breaches, and cyber threats.
• Regular security assessments and updates are conducted to maintain a robust data protection environment.
• We have integrated a continuous security and risk assessment procedure within the development and platform security teams.

6. Regular Audits:

• We conduct a comprehensive privacy and information security audit every two years to evaluate our adherence to regulations and identify areas for improvement.

For any inquiries related to our GDPR compliance practices or to request access to our Transfer Impact Assessments, please feel free to reach out to our Data Protection Office (legal@grasple.com or privacy@grasple.com)