General Data Protection Regulation
As a global application service provider, in accordance with our information security and data privacy practices as Data Processor, to.co complies with all applicable data privacy regulations. We are providing the following information in order for users and customers to understand our compliance posture.
Questions and comments can be sent to: firstname.lastname@example.org
|Individual Responsible for GDPR Compliance||Peter Chapman, CEO, Cybersecurity & Data Privacy|
|Purpose of Processing||
Continuous security and compliance monitoring and audit readiness platform which
includes security awareness education and compliance workflow management.
|Lawful Basis for Collection & Processing||All PII collected and processed within to.co is in accordance with a Master Services Agreement between to.co and the Data Controller|
|Data Subject Access Requests (DSAR)||Requests for data access, modification or deletion may be sent to email@example.com|
Customer Data, including PII, is securely deleted from to.co systems within ninety
(90) days of service termination or upon customer request.
to.co controlled PII is deleted in accordance with internal policy, when it no longer has business value, or upon Data Subject request
|Data Protection & Information Security||to.co maintains a comprehensive information security management system to protect and preserve the confidentiality, integrity and availability of Customer Data.|
|Breach Notification||Any breach of PII will be promptly reported to Customers, Data Subjects and Data Authorities in accordance with our Incident Response Policy and all applicable regulatory requirements.|