The new GDPR regulations which came into force on the 25th of May 2018 put increased responsibilities onto data Controllers, one of which is fully understanding who is processing your data and how they are doing this.
This article will help you, the data Controller, understand how we act as a Processor of your data.
Companies that operate on the Vestd platform do so under our Company Terms, these form the contract that allow us to act as a processor of your data. Section 12 of the Terms details what we do with your data and how we help you comply with Article 28.
Vestd is a European company based in the UK and we use a number of Sub-Processors to help us process your data. In the situations where a Sub-Processor is based outside of the EEA we will have suitable contracts or arrangements in place to ensure the protections afforded to your data matches or exceeds those required by law. We will also have in place a data processing agreement detailing and confirming the requirements under Article 28.