Spond and all Spond products are GDPR-compliant.
GDPR compliance and related legislation is a top priority for Spond. In addition to our internal resources, we use external privacy law experts and compliance technology.
GDPR is Built-in with Spond
While we see privacy compliance as continuous process, the main pillars of our privacy compliance efforts are:
We make privacy assessments prior to and during development of new features and services
We document our assessments and considerations
We are transparent about how we process personal data
We focus on competence and awareness within the organisation through training
More formally, in order to meet the legal requirements of the GDPR and other relevant privacy regulation, we have implemented an internal control system structured as follows:
The Steering documentation describes Spond's privacy strategy, roles and responsibilities and main principles of processing of personal data.
The Privacy policies and procedures describes procedures and work instructions that Spond have in place in order to process personal data in accordance with Spond’s privacy strategy and relevant privacy legislation.
The Monitoring documentation provides a check lists of privacy issues which Spond’s Data Protection Officer (“DPO”) must review at least annually to maintain an ongoing focus on privacy. The purpose of the checklists is to verify that the processing of personal data is carried out as described in the steering documentation, the privacy policies and procedures and relevant legislation.
You can read more about this in our various policies here: terms, privacy, data processing agreement.