General Data Protection Regulation
The General Data Protection Regulation (GDPR), is in effect as of May 25, 2018. The GDPR requires that companies and other organization that work with or offer services to people in the European Union comply with new rules for personal data and processing. These are also organizations that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.
Your Data With Agility in the Cloud
The Agility Platform is hosted 100% in the cloud with Microsoft's Azure SQL Databases. Our multi-tenanted system provides SQL Data Silos for each of our customers' web properties in the Canada Central and the US North Central region. Many of the new guidelines and requirements for GDPR and how they related to data stored or processed in Azure are outlined here in the Azure Trust Center.
Our Data Security and Compliance Committee sets out our policies on data protection and processing. These are some of the key points from our policy:
- All personal data is encrypted at rest and in transmission.
- Any personal data can be retrieved or removed via a request through our support system.
- Agility will never utilize a customers' data or their customers' data without expressed written permission.
- Agility will never capture or repurpose customer data without their consent.
- All analytics and diagnostics data stored by Agility is anonymized unless for purposes of audit logs which are require as per other data compliance rules.
- Any breaches of data security will be reported on to all affected parties in a timely manner.
Your Customers' Data With Agility
All of the data Agility captures and stores for our customers’ users resides in account specific databases in Microsoft Azure. All captured data is normally stored in the User Content or Website Users section of Agility. This can be administrated by our customers or partners who have access to that specific Agility account using the Content Manager.
If a user requires any data administration beyond what is available within the Content Manager backend, that can be accommodated by a request through our normal support.
We DO NOT repurpose, sell, or otherwise make available to external parties, our customers' personal data, or their personal data.