Overview

Xtremepush prioritises customer trust. We know that customer data is important to our customers’ values and operations. That is why we keep it private and safe.

Xtremepush helps customers maintain control of their privacy and data security in a range of ways:

• Data Security: We provide our customers compliance with high security standards, such as encryption of data in motion over public networks, hosting at Tier IV or III+, and ISO 27001, ISO 9001, ISO 27017 and ISO 27018 compliant facilities, Distributed Denial of Service (“DDoS”) mitigations, operation of a mature Information and Security Management System, and an Engineering team that is on-call 24/7 to respond to security alerts and events.

• Access Management: Xtremepush provides an advanced set of access features to adhere to the principle of least privilege and help customers effectively protect their information. We do not access or use customer content for any purpose other than providing, maintaining and improving the Xtremepush services and as otherwise required by law.

• Data Hosting Locality: Customers who purchase our Private Cloud Solution have the ability to select the region (from the available Xtremepush regional options) where the data center which hosts their Service Data is located. On Premises solutions can also be provided to those who need to host internally.

• Disclosure of Customer Service Data: Xtremepush only discloses Service Data to third parties where disclosure is necessary to provide the service(s) or as required to respond to lawful requests from public authorities in accordance with our Data Processing Agreement.

Xtremepush GDPR Product Readiness

The General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, provides data subjects with an array of privacy rights, which provide individuals with greater transparency into and control over uses of their personal information.

The Purpose of the GDPR Obligation is to:

• Ensure transparent communication with data subjects regarding the processing of their personal data.
• Ensure data subjects are notified of their rights under the GDPR.

Exceptions to the GDPR Obligation:

• A data controller is exempt from these obligations if it cannot identify which personal data in its possession relates to the relevant data subject (i.e., if personal data is anonymized and cannot be re-identified).

We have prepared a series of guides to details how the Xtremepush product suite aligns with your customers privacy rights and where you can learn more about the features and functionality made available in Xtremepush’s products that support a GDPR compliance program. We have broken the guides down by individual rights enjoyed by customers.

• The Right To Be Informed
• Right to Rectification
• Right to Access
• Right to Restrict Processing
• Right to Erasure

It is important that access to the features that allow you to support a GDPR compliance program is through appropriate roles with least privilege. And also that you have an audit trail of user actions related to servicing data subject requests like data rectification and deletion. With that in mind appropriate user access management and audit trail supports are also in place.

• User Access Management and Audit Trails

Note: These features and functionalities are currently available. As we approach May 25, 2018 (GDPR Effective Date) and beyond, Xtremepush will be updating and adding features and functionalities to further support our customers with their GDPR compliance programs if needed.