ASG Technologies Group, Inc., hereinafter ASG Technologies, has published this statement to A) provide you with some historic information about GDPR and its application and B) share with you some important information regarding ASG Technologies’ compliance with GDPR.
1. A) GDPR – a bit of background:
The Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (‘General Data Protection Regulation’ or its acronym ‘GDPR’) became law on May 25, 2018. This concluded four years of intensive discussions and consultations between the European Commission, national data protection authorities and industry representatives from all backgrounds. The European Union intends to create a Digital Single Market, and to this end the GDPR forms the foundation for strengthening individual persons’ rights in combination with the secure exchange of data in Europe.
ASG Technologies Group, Inc. acknowledges its responsibilities under the GDPR and other laws. In releasing this statement, ASG Technologies would like to assure you that it takes these legal changes seriously and confirms that your personal data is treated according to the precepts and rules set forth by GDPR as well as other applicable laws.
In effect, the GDPR is the newly improved “EC Directive 95/46/EC” which it replaced, as it is bolstered to give more rights to individual persons, to confer wider-ranging responsibilities to data processors and data controllers whose main business is data processing and/or dealing with sensitive data, and to provide for a harmonious application of data protection rules across all of Europe. As a consequence, businesses, their customers and private citizens alike share one main law which protects E.U. citizens’ fundamental rights with respect to private and family life and the protection of their personal data throughout the world. The GDPR has raised the bar by setting forth the highest standards of data protection in the world. This already has encouraged other economic regional frameworks and countries to follow suit. Ultimately, a global stage will be created for core data protection principles promulgated long ago, such as accountability, fairness and transparency of processing, data limitation and minimization, purpose and storage limitation, and accuracy.
The Digital Single Market envisaged by the European Union will provide a stream of innovation, invention and ingenuity for all businesses and their clients. Efficient business transactions can take place as the personal data is protected by the safe environment facilitated by the GDPR. ASG Technologies firmly believes that this can happen and has, not just since GDPR, actively contributed its share to help its customers by implementing data privacy techniques into the NTR software services it offers.
1. B) ASG Technologies’ steps to comply with GDPR:
While GDPR has been on everyone’s minds since April 2016, ASG Technologies has recognized its customers’ need for NTR software services that have cybersecurity and data protection integrated from the outset, and has been pursuing a data privacy agenda persistently for quite some time. In pursuing this agenda, ASG Technologies has emphasized in particular:
1. Privacy by Design
ASG has designed its NTR software services by aligning to industry-standard requirements for data protection, privacy and security. Its development methodologies were created accordingly. From the outset, ASG has integrated data privacy principles into the Software Development Lifecycle, i.e. from its ingenious origins to a market-ready release, to validation. ASG Technologies has engineered the strictest security measures into every aspect of NTR software services – network security, physical/host facility security, application protection and feature-specific security. Our team of software engineers and technicians maintains NTR’s software services so that they remain resilient and robust for your operations.
2. Application Security
ASG Technologies’ NTR software services have successfully operated throughout the years. This is because ASG Technologies applies improved techniques and protocols throughout the lifetime of the software. It makes sure that the required technical and organizational measures are applied, for example secure logins, use of layered encryption, management of keys, authentication methods, and digital signatures. Intrusion detection refers to an attack-detection system which utilizes data validation and pattern matching. NTR software services detect the following types of attacks at the application level: SQL injection and cross-site scripting.
3. Management of third parties
ASG Technologies requests its partners and vendors to enter into data processing agreements in order to meet their responsibilities with regard to data protection and transparent use of information. In cooperating with ASG Technologies’ partners and vendors, industry standards are followed to protect customers’ personal data.
4. Policies and procedures
5. Information Security
It is the designated task of our Information Security Department to review and optimize ASG Technologies’ corporate-wide General Security Policy which is supplemented by an Information Security Incident Reporting Procedure (‘ISIRP’). Appropriate technical and organizational measures are defined so that the ISIRP process remains effective and that the ongoing availability, confidentiality, integrity and resilience of ASG Technologies’ own systems and network are ensured. A copy of ASG Technologies’ General Security Policy may be obtained upon written request to ASG Technologies.
6. Data Governance
At any time, ASG Technologies is able to give an account of the personal data belonging to a customer, its processing and location, as well as who within ASG Technologies’ team has access to it. ASG Technologies currently has subscribed to the E.U. – US Privacy Shield and the Swiss – US Privacy Shield Frameworks. ASG Technologies does not itself hold any confidential data of its customers or data belonging to customers’ clients. When carrying out support work at a customer’s request, the only information needed and verified would be the customer’s registration details but not its (the customer’s) own or clients’ confidential data. A customer’s registration details and transaction documents for the initial purchase and subsequent renewals would be stored by ASG Technologies on a server in the US for as long as that customer elects to continue subscribing to the NTR software services. Once the subscription ends, ASG Technologies will destroy the registration details and transaction documents after the lapse of legal retention periods. In order to provide the NTR software service, ASG Technologies uses an NTT data center in Germany for its European customers. This is a facility accredited by the German TÜV, certified by multiple ISO standards and fully redundant by way of its construction. ASG Technologies does not and will not require access to your own data at rest and that of your clients at the NTT data center.
7. Additional information
ASG Technologies has asked its Legal and Information Security Departments to monitor its adherence to relevant laws. ASG Technologies utilizes the expertise of external legal data protection and cybersecurity specialists to ensure the proper treatment of personal data. All of ASG Technologies’ departments cooperate to analyze the company’s processing activities. In summary, ASG Technologies’ activities serve a continuous effort to apply a GDPR compliance program to the whole ASG Technologies Group. Here are some of the key activities which have taken or are taking place:
Refinements to our Software License Agreement and consent mechanisms;
Procedures by which data subject access requests can be securely submitted;
Formation of a dedicated GRC – Global Risk Compliance – Team;
Appointment of information security specialists, including Data Protection Officers.
If you require further information relating to ASG Technologies’ NTR software services and GDPR, simply contact your designated Sales Account Representative or, for privacy concerns, send an email to: firstname.lastname@example.org