Convier Pilot: Data Processing Activities and Security Measures
A pilot engagement will allow clients to test the Convier platform with their own data. The following outlines the data processing activities and our security measures in relation to a pilot engagement of the platform.
1 ROLES AND RESPONSIBILITIES
In a pilot engagement, Convier (”Data Processor”) will process data on behalf of the Client (”Data Controller”) to enable the Client to test the Convier platform with their own data.
The Convier pilot is designed to ensure robust data processing and stringent adherence to GDPR requirements. By implementing comprehensive security measures, detailed data processing activities, and strong governance structures, Convier ensures the protection of personal data, maintains compliance with General Data Protection Regulation ((EU) 2016/679) and the Norwegian Act on the Processing of Personal Data of 15.06.2018 (the Personal Data Act) with related regulations etc, and upholds the trust of its clients and their customer.
2 DATA PROCESSING ACTIVITIES
It is the client that determines what data to be processed. The data can be fully anonymised. This will be regulated in a Data processing agreement prior to initiating a pilot.
Data collection
- Client Data Submission: Clients submit (customer) data to Convier through a secure channel. This may include personal data such as names, email addresses, IP addresses, phone numbers and potentially sensitive information. Clients can choose to share anonymised data for a proof of concept engagement.
Data storage
- Secure Transfer: Data is securely uploaded to Convier’s Microsoft OneDrive, which uses encryption at rest (AES-256) to protect data integrity.
- Data Segregation: Customer data is segregated to ensure that data belonging to different clients does not intermingle.
Data transmission
- Encryption: Data in transit between the Convier demo instance and Convier’s Azure environment is encrypted to ensure confidentiality and integrity.
- Secure Channels: HTTPS/SSL is used for data transfers.
Data Integration and Processing
- Data integration: Client data is integrated to the Convier platform.
- Data Processing: Data processing activities include setup of data model, data views, risk indicators and report templates to enable users of the Client to explore data within the platform.
Data Access and Control
- Access Restriction: Access to customer data is restricted to named individuals with appropriate authorization.
- Audit Logging: Detailed logs of data access and processing activities are maintained to provide transparency and accountability.
Data Deletion
- Retention Policy: Data is retained only as long as necessary to fulfill the purposes for which it was collected.
- Secure Deletion: When data is no longer needed, it is securely deleted.
3 INFRASTRUCTURE AND SECURITY
For description of the data security measures of our platform, please refer to the Convier Data Platform Technical Description.
4 USE OF SUB-PROCESSORS
For the pilot, data will be hosted in Convier’s Microsoft OneDrive environment located in Norway. There are no other sub-processors involved in the proof of concept.
5 TRANSFER OF PERSONAL DATA OUTSIDE THE EU / EEA
All data is processed within the EU/EEA. Convier’s Microsoft environment is located in Norway.