At Fond, protecting our customers’ data is our highest priority, and we believe our customers have the right to know when and how we use their data. Fond takes a holistic approach to data security and privacy by handling data in compliance with standards including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Privacy Shield, and SOC 2.
GDPR and CCPA
The General Data Protection Regulation (GDPR) is a European Union (E.U.)-based privacy law that took effect on May 25, 2018, governing the ownership of data and data subjects (users).
GDPR establishes guidelines for a data subject’s rights to correct their data, remove their data, receive a copy of data acquired by companies, and have visibility into how their data is used.
The California Consumer Privacy Act (CCPA), effective January 1, 2020, is a California bill that enhances privacy rights and consumer protections for residents of California.
CCPA establishes guidelines for a consumer’s rights to control the use, deletion, access and portability of their private information (PI).
As part of its holistic approach to data security and privacy, Fond has performed a comprehensive evaluation of GDPR and CCPA requirements and enhanced its privacy and security practices to ensure compliance, including:
- Employee training on security and privacy practices
- Providing data transfer methods to customers
- Performing privacy impact assessments
- Maintaining records of processing activities
- Providing mechanisms to efficiently handle data subject requests
Fond continues to monitor GDPR and CCPA to ensure that our programs remain in compliance.
Key principles emphasized in Privacy Shield:
- Clear safeguards and transparency obligations on U.S. government access
- Strong obligations for companies handling data
- Effective protection of individual data rights, including redress options for E.U. citizens
- An annual joint review by the European Commission and the U.S. Department of Commerce
The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. These reports cover IT general controls and controls around availability, confidentiality, and security of customer data.
Fond’s operations, policies, and procedures are audited regularly to ensure Fond meets and exceeds all standards expected of service providers. Fond operates in compliance with SOC 2 to ensure your data is protected, available, and secure. The SOC 2 audit, conducted by Schellman and Company, validates Fond’s physical and environmental safeguards for production data centers, backup and recovery procedures, software development processes, and logical
Fond’s SOC 2 report is available on request.