On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will go into effect, and Mitek Systems is ready. As your trusted data processing partner, we’re committed to helping our customers on their GDPR compliance journey. As such, we are pleased to share additional updates and legal notices about how Mitek has prepared for GDPR. Across our product portfolio, Mitek operates as a “Data Processor” of personal information, and seeks to establish transparent, privacy-centric relationships with our customers (as "data controllers") and our partners.
Key Product and Security Information:
All Mitek cloud-based products offer customizable data retention configurations which ensures that consumer data is only retained for the period of time allowed by our contractual agreements. All consumers personal information is removed upon expiration of this retention period. Some customers may choose to store data with Mitek for longer periods to help meet their regulatory requirements. In all cases, customer data is always encrypted whether in transit or at rest on Mitek servers using the latest encryption technology and techniques. Security of our customer data is our highest priority and is substantiated by multiple certifications including ISO27001:2013 and SOC 2 (June 2018).
Policies and Processes:
In support of the new privacy options available to consumers in the EU, we have updated our policies and internal processes to ensure our compliance with GDPR requirements and to easily facilitate the privacy related requests from our customers. Specifically, EU residents can perform their rights and may request removal of their personal information from our systems. Mitek is committed to removing this data in an expeditious manner and will do so regardless of residency. More detailed procedures will be sent to our customers separately.
In order to retain the confidentiality of your personal data Mitek has NDA's, a code of conduct & screening in place and conducts privacy training as part of their security program to raise privacy awareness among its personnel.
Data Processing Agreements & Legal Updates:
We offer GDPR-compliant Data Processing Agreements for all customers and partners for whom we process personal data in the EU. Updates in the DPA's you will find are referrals to the new legislation, data subjects rights, audit rights, sub processors, data storage & specifications of processing.
Read our blog post on GDPR as an opportunity for improvement here.
We have registered with both the Swiss and EU Privacy Shield and are committed to ongoing compliance with the privacy principles included therein.
Should you have any questions, please contact us at firstname.lastname@example.org.