GDPR Compliance

The General Data Protection Regulation (GDPR) is an EU regulation that governs how businesses collect, store and process EU citizens’ personal data. Clozd is committed to ensuring individual privacy and is GDPR-compliant in our collection, storage, and processing of personal data for all parties globally.

Relevant security and privacy measures are outlined below.

Consent & Processing

Clozd does not store or process personal data without the consent of the data subject and/or the written consent of our clients in accordance with legitimate interest allowances. Clozd only processes data as directed by clients and in accordance with our privacy policy and GDPR guidelines. Clozd does not sell, share, or rent personal data to third-parties, but may utilize relevant and compliant subprocessors.

Security Assessment

Clozd maintains technical and organizational security measures that  ensure the safeguarding of personal data against accidental or unlawful access, modification, and destruction. Clozd stores and processes personal data using ISO 27001 and SOC 2 certified infrastructure and encrypts data in transit and at rest. Our security whitepaper outlines the details of our technical, physical, and organizational security measures. Request a copy from your acount executive or program manager.

Rectification & Erasure

Clozd honors the fundamental rights of data subjects in accordance with GDPR guidelines including the rights of data rectification and erasure (the right to be forgotten). Clozd promptly honors data subject and/or client requests to modify or erase personal data. Clients may request, at any time, that data being stored and processed on their behalf by Clozd be permanently deleted from all systems and backups. Use the link below to submit a request.