Updated January 2024.
Quantium (Round Square Pte Ltd.) is committed to ensuring our platform is in compliance with the General Data Protection Regulation (GDPR). Our approach to GDPR compliance includes:
- Data Processing Assessment and Analysis: We’ve conducted a thorough review and mapping of our business systems and processes to align with GDPR requirements. This review focuses on minimizing the amount of personal data we collect and enhancing security, including the implementation of encryption and strict access controls, to ensure the safe and compliant handling of data.
- Policy and Notice Review: We’ve updated our company privacy policies to align with GDPR, enhancing transparency and compliance. These updates focus on improving user rights and clarifying our data handling practices.
- Data Hosting for EU Clients: For our EU-based clients, all data, including front-end, back-end, and databases, is securely hosted in a Microsoft Azure data center in the Netherlands. This hosting arrangement adheres to GDPR data sovereignty requirements.
- Data Utilized for Intended Purpose: We ensure that all personal data is processed only for the specific purposes for which it was originally collected. Our staff is thoroughly trained on these principles, and any potential change in data use is communicated to the concerned individuals in advance, fully adhering to Article 14 of the GDPR.
- Client Data Processing Addendums: GDPR-based Data Processing Addendums are available to our clients, detailing our data processing responsibilities. To request a Client DPA, please contact your Quantium Client Solutions Representative.
- Vendor Diligence and Data Processing Addendums: We perform due diligence on our third-party data processing vendors, who are required to be fully GDPR compliant.
- Data Breach Response: We have incorporated GDPR into our overall Incident Response Plan program and have conducted scenario-based training to prepare for potential situations that may require notification under GDPR. This plan includes immediate steps to investigate and address breaches, and a protocol for notifying affected parties within the GDPR’s 72-hour notification requirement.
- Product Development: Our product development incorporates privacy-by-design principles and GDPR compliance, focusing on data minimization and necessary impact assessments.
In conclusion, Quantium is dedicated to upholding the highest standards of data protection and privacy as mandated by the GDPR. Our ongoing commitment to these principles is integral to our operations and service to our clients.