iVention processes data, in that we, among others, manage iVention Lab Execution System (iLES) applications and -databases for clients. It is therefore our responsibility to handle the personal data in all systems with care. iVention has made a commitment to be a security-conscious organization recognizing the value of security and privacy in conducting its business, and to ensure the safety, security and protection of client data and to comply to the GDPR in particular.
iVention either already meets or is implementing the obligations as a data controller and as a data processor. We are setting up and concluding our registers of processing activities. As a data processor, iVention only processes personal data in accordance with client’s permission and instructions as set out in agreements. We are currently updating the Data Processing Agreements with our suppliers and clients to account for GDPR requirements.
Furthermore, iVention has a long-standing practice of developing and maintaining its software according to the principles of ‘privacy by design’ and ‘privacy by default’. For example, our iLES software facilitates pseudonymization, custom-made opt-ins, access through two-factor authentication, and making information accessible to a controller when data subjects exercise their rights under the GDPR.
Lastly, we have implemented a set of technical and organization measurements, including certified information security processes and controls according to ISO/IEC 27001 to help protect the (personal) data entrusted to us.