At Navixy, we are committed to maintaining the highest standards of compliance with global data protection regulations. Our comprehensive compliance program ensures that we meet and exceed the requirements of various international, national, and industry-specific legal standards.
Key compliance areas
General Data Protection Regulation (GDPR)
As a company operating globally, we fully comply with the EU's General Data Protection Regulation (GDPR). This includes:
- Implementing data protection by design and by default
- Maintaining detailed records of data processing activities
- Conducting Data Protection Impact Assessments (DPIAs) where necessary
- Appointing a Data Protection Officer (DPO)
- Ensuring lawful bases for data processing
- Facilitating data subject rights (access, rectification, erasure, etc.)
California Consumer Privacy Act (CCPA)
For our operations involving California residents' data, we comply with the California Consumer Privacy Act (CCPA). This includes:
- Providing clear information about data collection and use
- Offering opt-out options for data sales (though Navixy does not sell personal data)
- Facilitating consumer rights requests (access, deletion, etc.)
- Maintaining appropriate security measures
Industry-specific compliance
Depending on the sectors we serve, we also adhere to various industry-specific standards, including:
- ISO 27001 for Information Security Management
- SOC 2 Type II for service organizations' data handling practices
- HIPAA for handling health-related information (where applicable)
Our compliance measures
Data protection and privacy
- Regular privacy impact assessments
- Privacy by design in all our products and services
- Strict data minimization and purpose limitation practices
- Comprehensive data subject rights management
Security measures
- Advanced encryption for data at rest and in transit
- Regular security audits and penetration testing
- Robust access control and authentication mechanisms
- Continuous security monitoring and incident response procedures
For more details on our security practices, please see our Security documentation.
Vendor management
We carefully select and monitor our vendors to ensure they meet our high compliance standards. For more information, see our Subprocessors page.
Employee training
All Navixy employees undergo regular training on data protection, privacy, and security best practices to ensure company-wide compliance awareness.
Transparency
We are committed to transparency in our data handling practices. Our Privacy Policy and Terms of Service provide clear information about how we collect, use, and protect data.
Compliance certifications and audits
We regularly undergo independent audits to verify our compliance with various standards. Our current certifications include:
- ISO 27001:2013 certification
- SOC 2 Type II attestation
- GDPR compliance certification
Staying current
Data protection regulations are constantly evolving. We have dedicated legal and compliance teams that continuously monitor regulatory changes to ensure our practices remain up to date.
Contact us
For any compliance-related inquiries or to request more information about our compliance program, please contact our compliance team at [email protected].
Last updated: September 19, 2024