Acquire provides services in the European Economic Area (“EEA”) and United Kingdom (“UK”), and thus we are committed to compliance with data protection regulations in the EEA and UK. At Acquire we collect, process, and transfer personal data in accordance with the General Data Protection Regulation and UK General Data Protection Regulation (collectively, “GDPR”). Acquire is here to help customers and end users understand the GDPR and our adherence to its requirements.
Introduction to GDPR
The GDPR covers the personal data of individuals located in the EEA and UK, known as data subjects, and imposes obligations on businesses that process that data to protect it and to offer data subjects rights in the personal data belonging to them. Businesses that violate their obligations under the GDPR stand to incur significant financial penalties. Regulators in the EEA can issue fines of up to € 20 million or 4% of annual global turnover, whichever is higher.
GDPR Application
The GDPR applies to personal data collected from data subjects in the EU and UK.
Acquire’s Compliance to GDPR
We work to protect personal data in accordance with the principles mentioned below.
| 1. Lawfulness, fairness, and transparency | We have a lawful basis to process personal data, we only process personal data in ways that data subjects would reasonably expect, and we are open with data subjects about how and why we process their personal data. |
| 2. Purpose Limitation | We collect data for specified, explicit, and legitimate purposes and do not further process personal data in a manner that is incompatible with those purposes. |
| 3. Data Minimization | We ensure that the personal data we process is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. |
| 4. Accuracy | Any data we hold is accurate and kept up to date. |
| 5. Storage Limitation | We do not keep personal data in a form that permits the identification of data subjects for longer than is necessary for the purposes for which the personal data is processed. |
| 6. Security | Personal data is securely processed, thus protecting against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical and organizational measures. |
| 7. Accountability | We have appropriate measures in place to demonstrate our compliance with the GDPR. |
As part of implementing the processing principles noted above, Acquire offers opportunities for data subjects to exercise the rights available to them under the GDPR, including:
| GDPR Rights | Compliance by Acquire |
| Right to be Informed | Acquire’s Privacy Policy provides transparent notice to data subjects about how and why we process their personal data. |
| Rights to Access and Rectification | Acquire offers data subjects the right to obtain a copy of their personal data and the right to amend inaccuracies or rectify any errors in their personal data. |
| Right to be Forgotten | Data subjects can request deletion of their personal data. |
| Right to Restrict Processing | Data subjects have the right to request the restriction of processing of their personal data. |
| Right to Data Portability | We provide data subjects with the right to receive personal data they have provided to us in a structured, commonly used, and machine readable format, and to transfer their personal data between data controllers. |
| Right to Object to Processing | Acquire has documented and implemented internal mechanisms to stop processing upon specific data subject requests, including for direct marketing purposes. |
Frequently Asked Questions
| What is Personal Data? | Any information relating to an identified or identifiable natural person (data subject), such as name, address, email address, phone number, educational background, financial details, educational details, nationality, etc. |
| Who are Data Controllers, Data Processors, and Data Subjects? |
|
| What does a Data Protection Officer (DPO) do? Do you have a dedicated DPO? | The DPO is responsible for informing employees of their compliance obligations, as well as conducting awareness trainings, monitoring, and audits required under GDPR. Acquire has a dedicated DPO. For any queries related to GDPR compliance contact our DPO at ashka@acquire.io. |
| Do you have processes in place for data breaches? | Yes, we have data breach procedures in place that enable us to respond quickly to contain and mitigate breaches and notify affected parties as necessary and within statutory timeframes. |
| For how long do you store personal data? | We store personal data for as long as necessary to conduct business with or on behalf of data subjects, as needed for the purposes outlined in our Privacy Policy, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. |
| How do you handle Data subject’s rights? | Please see the “Acquire’s Compliance with the GDPR” section above. |
| Where do you store personal data? | The personal data we process is stored in data centers hosted by Amazon Web Services located in the US, Europe, Canada, and India. |
| Does GDPR require EEA data to stay in the EEA? | Data transfers from the EEA and UK can be legitimized in various ways, including by execution of the Standard Contractual Clauses. We have adopted the Standard Contractual Clauses in our Data Protection Addendum (DPA). |