The GDPR is the new data protection legislation which becomes applicable in the European Union starting May 25th, 2018, replacing the previously existing European rules and regulations.
The GDPR sets out a unified legal framework for the protection of EU natural persons with regard to the processing of their Personal Data.
Personal Data (“Personal Data”), as defined in article 4.1 of the GDPR, means any information relating to an identified or identifiable natural person.
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. These identifiers include, but are not limited to, email addresses, physical addresses, IP addresses etc.
eFront has always taken the protection of its clients’ data very seriously and is actively working on becoming compliant with the GDPR. A task force has been setup to review eFront’s internal processes in order to understand in detail which measures should be implemented to ensure compliance with the GDPR.
eFront has put in place a Data Processing Agreement (“DPA”) to provide, in accordance with the applicable data protection laws, a contractual framework for the collection and the processing of Personal Data of its clients, who act as data controllers when using the eFront technology and services to which they subscribed. In this respect, the DPA sets out the technical and organizational measures which eFront has implemented in order to protect the Personal Data of its clients.
eFront Technology is not meant to collect and process Personal Data.
When the collection and processing of Personal Data does happen, eFront, as a data processor, collects and processes, under clients’ instructions, clients’ Personal Data through the eFront technology subscribed to by clients, which may include software as a service (SaaS), mobile applications and software hosted by eFront (“eFront Technology”), as well as while providing to clients maintenance and support services and related professional services, if applicable. Therefore, the processing and collection of clients’ Personal Data by eFront is only done under the instructions of the clients and for the purposes of making the functionalities and associated services to which the clients subscribed available to them.
eFront has always built its technology with the objective of safeguarding the security and confidentiality of Personal Data of its clients. The eFront Technology includes a functionality enabling clients to define which Personal Data can be used and to allow them to limit the collection of Personal Data to the specific purpose of the data processing defined by clients. Whenever necessary, Personal Data fields can be configured. The storage of Personal Data can be limited, and clients responding to data subject requests are able to manually access the data, add, rectify, delete or export the data. With the GDPR, eFront will continue to work on improving its products with the view of providing standard functionalities allowing clients to comply with their privacy by design obligations.
eFront implements and maintains an information security management system to secure its clients’ Personal Data that is processed by eFront in the framework of the services subscribed to by clients. Where clients’ Personal Data is hosted by eFront, eFront relies on the technical and organizational measures implemented by Amazon Web Services, which offer various features to secure clients’ Personal Data.
eFront is also ISO 27001 compliant and SOC 2 Type II audited. The technical and organizational measures are detailed in the DPA which is attached to eFront’s general terms and conditions.
For clients located within the European Economic Area (“EEA”), the servers hosting the clients’ Personal Data are located within the European Union. For clients located outside the EEA, the servers are located outside the EEA, but the location may vary either depending on the clients’ specific requests, which are determined during contract negotiations.
eFront is Privacy Shield certified to secure the transfer of clients’ Personal Data to the United States. Clients also have an option to enter into Standard Contractual Clauses for the transfer of Personal Data outside the EEA. Finally, eFront is currently working on implementing Binding Corporate Rules to secure all transfers within the eFront group.
eFront may appoint sub-processors as described in the DPA. In case eFront appoints a new sub-processor during the term of a client’s agreement, the client will be able to object to such sub-processing in accordance with terms and conditions set out in the DPA.
Although the appointment of a DPO is not an obligation for eFront under the GDPR, eFront aims at providing clients with a single point of contact to address any data protection issues.
Under the GDPR, eFront has to comply with its obligations as the data processor. eFront will circulate a variation letter to vary the terms of all agreements with the existing client-sin order to reflect its obligations under the GDPR.
Please read this page before proceeding, as it explains certain restrictions imposed by law on the distribution of this information and the jurisdictions in which our products and services are authorised to be offered or sold. It is your responsibility to be aware of and to observe all applicable laws and regulations of any relevant jurisdiction.
By confirming that you have read this important information, you also:
(i) agree that all access to this website by you will be subject to the disclaimer, risk warnings and other information set out herein; and
(ii) agree that you are the relevant sophistication level and/or type of audience intended for your respective country or jurisdiction identified below.
The information contained on this website (this “Website”) (including without limitation the information, functions and documents posted herein (together, the “Contents”) is made available for informational purposes only.
The Contents have been prepared without regard to the investment objectives, financial situation, or means of any person or entity, and the Website is not soliciting any action based upon them.
This material should not be construed as investment advice or a recommendation or an offer or solicitation to buy or sell securities and does not constitute an offer or solicitation in any jurisdiction where or to any persons to whom it would be unauthorized or unlawful to do so.
Access Subject to Local Restrictions
The Website is intended for the following audiences in each respective country or region: In the U.S., public distribution. In Canada, public distribution. In the UK, professional clients (as defined by the Financial Conduct Authority or MiFID Rules) and qualified investors only and should not be relied upon by any other persons. In the EEA, professional clients, professional investors, qualified clients and qualified investors. For qualified investors in Switzerland, qualified investors as defined in the Swiss Collective Investment Schemes Act of 23 June 2006, as amended. In Singapore, public distribution. In Hong Kong, public distribution. In Japan, Professional Investors only (Professional Investor is defined in Financial Instruments and Exchange Act). In Australia, public distribution. In Brunei, Indonesia, Philippines and Malaysia, Institutional Investors only. In Latin America, institutional investors and financial intermediaries only (not for public distribution). In Mexico, institutional and qualified investors only (not for public distribution).
This Contents are not intended for, or directed to, persons in any countries or jurisdictions that are not enumerated above, or to an audience other than as specified above.
This Website has not been, and will not be submitted to become, approved/verified by, or registered with, any relevant government authorities under the local laws. This Website is not intended for and should not be accessed by persons located or resident in any jurisdiction where (by reason of that person’s nationality, domicile, residence or otherwise) the publication or availability of this Website is prohibited or contrary to local law or regulation or would subject any BlackRock entity to any registration or licensing requirements in such jurisdiction.
It is your responsibility to be aware of, to obtain all relevant regulatory approvals, licenses, verifications and/or registrations under, and to observe all applicable laws and regulations of any relevant jurisdiction in connection with your access. If you are unsure about the meaning of any of the information provided, please consult your financial or other professional adviser.
No information on this Website constitutes business, financial, investment, trading, tax, legal, regulatory, accounting or any other advice. If you are unsure about the meaning of any information provided, please consult your financial or other professional adviser.
BlackRock shall have no liability for any loss or damage arising in connection with this Website or out of the use, inability to use or reliance on the Contents by any person, including without limitation, any loss of profit or any other damage, direct or consequential, regardless of whether they arise from contractual or tort (including negligence) or whether BlackRock has foreseen such possibility, except where such exclusion or limitation contravenes the applicable law.
You may leave this Website when you access certain links on this Website. BlackRock has not examined any of these websites and does not assume any responsibility for the contents of such websites nor the services, products or items offered through such websites.
Intellectual Property Rights
Copyright, trademark and other forms of proprietary rights protect the Contents of this Website. All Contents are owned or controlled by BlackRock or the party credited as the provider of the Content. Except as expressly provided herein, nothing in this Website should be considered as granting any licence or right under any copyright, patent or trademark or other intellectual property rights of BlackRock or any third party.
This Website is for your personal use. As a user, you must not sell, copy, publish, distribute, transfer, modify, display, reproduce, and/or create any derivative works from the information or software on this Website. You must not redeliver any of the pages, text, images, or content of this Website using “framing” or similar technology. Systematic retrieval of content from this Website to create or compile, directly or indirectly, a collection, compilation, database or directory (whether through robots, spiders, automatic devices or manual processes) or creating links to this Website is strictly prohibited. You acknowledge that you have no right to use the content of this Website in any other manner.
Investment involves risks. Past performance is not a guide to future performance. The value of investments and the income from them can fall as well as rise and is not guaranteed. You may not get back the amount originally invested. Changes in the rates of exchange between currencies may cause the value of investments to diminish or increase.