GDPR and Akita

Akita will be meet or exceed the requirements specified in the EU's General Data Protection Regulation ("GDPR") by the May 25th deadline. This document outlines some of the steps we have taken to make certain that we comply with the new laws.

3rd-Party Sub Processors

We use services provided by 3rd-party vendors to help provide the Akita service and effectively run the Akita business. By the May 25th deadline, we will have entered into GDPR-compliant Data Processing Agreements with each of our vendors. You can find a list of these vendors here

Security Breach Response

In the event of a data breach, we will notify our customers in a timely manner as required by GDPR and outlined in our Data Processing Agreement.

Consent

We have updated our Privacy Policy and Cookie Policy to clearly identify what visitor and customer information we collect, how we collect it, and why we collect it. In addition we provide information about how you can disable these cookies.

Data Inventory

We have reviewed and identified where we are collecting and processing customer data on the Akita website and in the Akita service. For each instance we have identified our legal basis for collecting and processing this data. We have made certain that we have implemented network, software, and procedural safeguards to ensure the security of this data. Our Privacy Policy identifies what we are doing with the data we collect and how we manage consent.

Data Processing Agreement

We have incorporated a GDPR-compliant Data Processing Agreement into our overall Terms and Conditions. To continue using Akita, you must accept both the DPA and Terms and Conditions. Unfortunately we cannot sign Customer-provided DPAs as doing so would require prohibitively expensive outside legal assistance for each contract.

Data Protection Officer

Akita has appointed David Smith as its Data Protection Officer. He is registered with the Irish Data Protection Commission and is responsible for overseeing customer data security, privacy and GDPR compliance at Akita.

Data Protection Impact Assessments

For each new feature we implement we will determine if the new feature poses a risk to user privacy and the security of personal data. If the level of risk requires it, we will conduct a Data Protection Impact Assessment that describes the flow of sensitive data throught the application, identifies areas of risk, and outlines solutions to mitigate that risk. This DPIA will be signed off by Akita management and implemented as part of the project plan.

Easy to Understand Terms and Conditions and Privacy Policies

We will strive to provide Terms and Conditions and a Privacy Policy that transparently describes the personal data we collect and process and why, how we use it, who we share it with and how long we store it.

Right to Data Access, Portability and Deletion

Akita processes and stores all personal data in GDPR compliant manner using only GDPR-compliant Sub Processors. We store your data for 2 years unless your account is cancelled. In the event your account is cancelled we will delete your data in accordance with our Terms and Conditions.

GDPR requires you provide your users with the ability to access, update, retrieve and remove personal data. Upon request Akita will work with your team to delete or export any data you require. If you have integrated with a 3rd-party application, Akita may re-import that data. You may need to delete or update data in the connected application prior to deleting it from Akita.

Training

Akita has had regular, internal discussions concerning data privacy and GDPR compliance. Our product, sales, and marketing teams have researched and will continue to study ways to make sure Customer data is only used in compliance with GDPR.