Acquire provides services in the European Economic Area (“EEA”) and United Kingdom (“UK”), and thus we are committed to compliance with data protection regulations in the EEA and UK. At Acquire we collect, process, and transfer personal data in accordance with the General Data Protection Regulation and UK General Data Protection Regulation (collectively, “GDPR”). Acquire is here to help customers and end users understand the GDPR and our adherence to its requirements.
Introduction to GDPR
The GDPR covers the personal data of individuals located in the EEA and UK, known as data subjects, and imposes obligations on businesses that process that data to protect it and to offer data subjects rights in the personal data belonging to them. Businesses that violate their obligations under the GDPR stand to incur significant financial penalties. Regulators in the EEA can issue fines of up to €20 million or 4% of annual global turnover, whichever is higher.
GDPR Application
The GDPR applies to personal data collected from data subjects in the EU and UK.
Acquire’s Compliance with the GDPR
We work to protect personal data in accordance with the principles listed below:
- We have a lawful basis to process personal data, we only process personal data in ways that data subjects would reasonably expect, and we are open with data subjects about how and why we process their personal data.
- We collect data for specified, explicit, and legitimate purposes and do not further process personal data in a manner that is incompatible with those purposes.
- We ensure that the personal data we process is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Any data we hold is accurate and kept up to date.
- We do not keep personal data in a form that permits the identification of data subjects for longer than is necessary for the purposes for which the personal data is processed.
- Personal data is securely processed, thus protecting against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical and organizational measures.
- We have appropriate measures in place to demonstrate our compliance with the GDPR.
As part of implementing the processing principles noted above, Acquire offers opportunities for data subjects to exercise the rights available to them under the GDPR, including:
- Acquire’s Privacy Policy provides transparent notice to data subjects about how and why we process their personal data.
- Acquire offers data subjects the right to obtain a copy of their personal data and the right to amend inaccuracies or rectify any errors in their personal data.
- Data subjects can request deletion of their personal data.
- Data subjects have the right to request the restriction of processing of their personal data.
- We provide data subjects with the right to receive personal data they have provided to us in a structured, commonly used, and machine-readable format, and to transfer their personal data between data controllers.
- Acquire has documented and implemented internal mechanisms to stop processing upon specific data subject requests, including for direct marketing purposes.
Frequently Asked Questions
Any information relating to an identified or identifiable natural person (data subject), such as name, address, email address, phone number, educational background, financial details, educational details, nationality, etc.
- Data Controller: Determines the purposes and means of the processing of personal data.
- Data Processor: Processes personal data on behalf of the Controller.
- Data Subject: Natural persons in the EEA or UK.
- Typically, Acquire operates as a data processor for customer controllers.
The DPO is responsible for informing employees of their compliance obligations, as well as conducting awareness trainings, monitoring, and audits required under GDPR. Acquire has a dedicated DPO. For any queries related to GDPR compliance, contact our DPO at ashka@acquire.io.
Yes, we have data breach procedures in place that enable us to respond quickly to contain and mitigate breaches and notify affected parties as necessary and within statutory timeframes.
We store personal data for as long as necessary to conduct business with or on behalf of data subjects, as needed for the purposes outlined in our Privacy Policy, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Please see the “Acquire’s Compliance with the GDPR” section above.
The personal data we process is stored in data centers hosted by Amazon Web Services located in the US, Europe, Canada, and India.
Data transfers from the EEA and UK can be legitimized in various ways, including by execution of the Standard Contractual Clauses. We have adopted the Standard Contractual Clauses in our Data Protection Addendum (DPA).