SQream is GDPR Compliant End-to-End

So what is GDPR, and to whom does GDPR apply? The General Data Protection Regulation (EU) 2016/679 (entered into force on 25 May 2018) is an EU regulation that requires any company that processes EEA individuals’ personal data to implement the GDPR requirements. Personal data is information that relates to an identified or identifiable individual. To ensure the personal data will be safe under GDPR, a company needs to ensure that personal data will be protected under technical and organizational measures, to assimilate procedures and policy, and to ensure privacy by design methods.

SQream’s technology significantly accelerates the analytic processing of massive volumes of data. We operate through SQL infrastructure as well as SaaS solutions services. SQream does not directly process personal data or aggregate personal data but may have access to our client’s data. Still, we fully implement GDPR to ensure complete protection of personal data. We are acting on behalf of our customers’ demands only (The Controllers).

We take GDPR seriously. SQream has taken all necessary measures to ensure complete protection of our controllers’ data. We have implemented organizational and technical measures to ensure that the organization’s data flow will be maintained and secure. We implemented full procedure protocols to comply with GDPR demands (data breach procedure, data subject access request procedure, employees training procedures, and more). We also implemented all the necessary policies (privacy policy, retention policy, data transferring policy, data breach policy, cookie policy, and more). All our employees in the organization are well acquainted with the procedures and know how to respond in real-time to a data breach event or subject access requests that may occur.

We never act on our own in the context of collaborations with our customers, but rather we only follow their direct instructions, and follow GDPR-compliant agreements. We make sure that all our customers throughout the EEA operate according to GDPR, as well as in situations where we work in cooperation with other third parties (co-processors, sub-processors, web services, cloud platforms, marketing software or analysis platforms). We use the AWS, GCP and Azure cloud platforms, all of which are fully GDPR compliant.

As part of our website’s management, we may directly collect personal data from time to time, in which case we operate under the GDPR rules as a full controller. We collect data from our website in situations where we must respond to inquiries from visitors.

Only with the visitors’ express consent, cookies may be used to improve the browsing experience. We act in full accordance with the cookie policy. Any visitor may opt-out of this service at any time.

For marketing and analytics purposes, we share information with Google Analytics, HubSpot, HotJar, etc. These organizations implement GDPR most strictly. No data is collected on visitors to our site without express consent.

We adopted privacy by design (PbD) principles to govern our collection, use, retention, transfer, disclosure, and destruction of personal data:

What are your rights?  Under GDPR, you are entitled to rights as an EEA resident including the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object to processing, the rights in relation to automated decision making and profiling.

If you believe that any of your above rights have been violated because of our direct or indirect actions, please do not hesitate to contact us immediately:
Avner Paz-Tsuk
[email protected]
94 Yigal Alon, Tel Aviv, Israel
+972-3-544-4871

You may also contact the local supervisory authority, but we would appreciate it if you could contact us before and allow us to give an appropriate response on the matter.

You can read more about our privacy policy here.

We are committed to our clients and their data.