At Fond, protecting our customers’ data is our highest priority, and we believe our customers have the right to know when and how we use their data. Fond continues to demonstrate our commitment to data security and privacy through implementation of standards including GDPR, Privacy Shield, and SOC 2.
The General Data Protection Regulation (GDPR) is a European Union (E.U.)-based privacy law that took effect on May 25, 2018 governing the ownership of data and data subjects (users). GDPR establishes guidelines for a user’s rights to correct their data, remove their data, receive a copy of data acquired by companies, and have visibility into how their data is used.
Fond has performed a comprehensive evaluation of GDPR requirements and enhanced our privacy and security practices to ensure compliance with GDPR, including:
- Employee training on security and privacy practices
- Providing data transfer methods to customers
- Performing privacy impact assessments
- Maintaining records of processing activities
- Providing mechanisms to efficiently handle data subject requests
Fond continues to monitor GDPR to ensure that our programs remain in compliance.
Key principles emphasized in Privacy Shield:
- Clear safeguards and transparency obligations on U.S. government access
- Strong obligations for companies handling data
- Effective protection of individual data rights, including redress options for E.U. citizens
- An annual joint-review by the European Commission and the U.S. Department of Commerce
The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. These reports cover IT General controls and controls around availability, confidentiality, and security of customer data.
Fond’s operations, policies, and procedures are audited regularly to ensure Fond meets and exceeds all standards expected of service providers. Fond operates in compliance with SOC 2 to ensure your data is protected, available, and secure. The SOC 2 audit, conducted by Schellman and Company, validates Fond’s physical and environmental safeguards for production data centers, backup and recovery procedures, software development processes, and logical
Fond’s SOC 2 report is available on request.