GDPR
Does Cedar Silicon comply with the General Data Protection Regulation for EU customers?
Cedar Silicon is committed to compliance with the General Data Protection Regulation (GDPR), the EU data privacy regulation that went into effect May 25, 2018. The regulation gives EU citizens more control over their data.
In our continued effort to help our customers with their GDPR compliance, we hope that this page will be useful for our customers to better understand Cedar Silicon’s commitment to privacy.
Our legal and security experts have closely analyzed the requirements of the GDPR and continue to monitor new guidance on best practices for implementing the requirements of the GDPR.
What Cedar Silicon is doing
Cedar Silicon implemented its company-wide GDPR compliance strategy ahead of the May 2018 due date. Below are a few examples of initiatives Cedar Silicon has committed to in order to satisfy GDPR requirements that apply to both Cedar Silicon and our customers:
- We are maintaining an information security policy comparable with ISO27000 seriesstandards and we are maintaining security in the delivery of our Services in accordance with SOC2 standards (or any successor standards). These standards mirror many of the security and privacy requirements of GDPR and will help give our customers a transparent framework to measure our development and data management practices. Assurance that Cedar Silicon maintains and follows these standards are affirmed through our annual audit. For more detailed information, contact privacy@cedarsilicon.com.
- When processing personal data regulated under GDPR, we commit to follow any additional security and privacy measures required under GDPR. For more detailed information, contact privacy@cedarsilicon.com.
- Where we are transferring personal data outside of the EU, we are committing to implement appropriate data transfer mechanisms as required by GDPR.
- We are committed to provide our authorized users with the ability to access, update, rectify, export and erase their personal information themselves.
- We are holding vendors that handle personal data to required data management, security, and privacy practices and standards.
- We are carrying out data impact assessments and consulting with EU regulators where appropriate.
- We are ensuring that Cedar Silicon staff that process customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
Please review our Privacy Policy for a detailed description of Cedar Silicon’s compliance steps with GDPR.
General Data Protection Regulation FAQs
Does Cedar Silicon process the personal data of its customers?
Yes, Cedar Silicon processes customer personal data to provide the products and services as set forth in our customer agreements and for other limited purposes enumerated in our Privacy Policy.
What personal data does Cedar Silicon process when providing its Services?
For most users, this is limited to “business card” information of users that register for the service - meaning their names and e-mail addresses, and an IP address. We may obtain your phone number if we need to reach out for a support issue, and you can put your picture or avatar on your account if you would like to personalize your interactions with other users.
Please bear in mind that as a service provider of software design, prototyping, and design management services, when building designs and prototypes with Cedar Silicon, Cedar Silicon does not process your end-customer data or have access to your internal IT systems. It is an industry standard to use ‘dummy data’ when building designs and prototypes, and this is a firm requirement under our terms of service with our customers.
What is Cedar Silicon’s role?
Where you are using our Services and making decisions about the personal data that is being processed in the Services (for example when uploading and using Customer Content, or selecting the Third Party Services you wish to connect to the Services), you are acting as a data controller and Cedar Silicon is acting as a data processor.
Where does Cedar Silicon store and process my data?
Our goal is to provide our customers with secure, fast, and reliable services. Today, Cedar Silicon stores data in its AWS data center located in the U.S. In order to bring you world class products, and to provide support and maintenance (e.g., 24x7 support coverage), Cedar Silicon may also allow employees and contractors located outside the U.S. to access certain data for product development, and customer and technical support purposes. We ensure that all such disclosures are compliant with the law and that all use will be for the limited purpose described.
How can I manage my personal data that is stored by Cedar Silicon?
You can contact us directly at privacy@cedarsilicon.com if you have any additional requests or questions.
Is Cedar Silicon E.U.-U.S. Privacy Shield Certified?
Cedar Silicon is not certified under EU-U.S. and Swiss-U.S. Privacy Shield with respect to the personal data we receive and process through our services, but Cedar Silicon adheres to the Privacy Shield principles including notice, choice, onward transfer, security, data integrity, access, and enforcement for personal data submitted by our customers in participating European countries through the services.
Does APMP enter into GDPR-compliant Data Processing Agreements (DPA)?
Cedar Silicon will enter into a DPA with our customers who have purchased a subscription to our Premium services or other SaaS Platforms via a written agreement. We provide a GDPR-compliant DPA that is tuned to our service, and we invite such customers to complete and execute our GDPR-compliant DPA - Cedar Silicon Customer Data Processing Addendum. Please request the Addendum from your Account Manager.
Additional resources
For additional information, we recommend starting with the following resources:
- Privacy:You own your data, and we’re committed to protecting your privacy.
- Security:Cedar Silicon maintains customer security as our highest priority.
- Compliance:We maintain strict standards for achieving legal, regulatory and industry compliance frameworks such as SOC, PCI and CSA-Star. Policies and reports: We actively promote our information security policy library allowing customers insight into our data handling requirements.
- More information:You can find more detailed information about the GDPR from the European Commission website.