GDPR Compliance

Our Commitment to Data Protection

Your Data, Protected by Design

At Avantwerk, we take data protection seriously. We're fully committed to complying with the General Data Protection Regulation (GDPR) and ensuring your personal data — and the data of your customers — is handled with the highest standards of security and transparency.

GDPR Compliant AES-256 Encryption EU Data Residency

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on 25 May 2018. It applies to all organisations that process personal data of individuals in the European Union, regardless of where the organisation is based.

The GDPR is designed to give individuals more control over their personal data and to create a unified data protection framework across Europe. It establishes strict requirements for how organisations collect, store, process, and protect personal data.

Why It Matters for Your Business

When you use Avantwerk to manage customer relationships, send marketing communications, or build your online presence, you're handling personal data. GDPR compliance isn't just a legal requirement — it's a commitment to your customers that their data is safe with you.

Our Role in Data Processing

Understanding the relationship between you and Avantwerk is essential for GDPR compliance. Here's how it works:

C

Data Controller

You (Our Customer)

You decide what data to collect, why to collect it, and how to use it. You determine the purposes and means of processing.

P

Data Processor

Avantwerk

We process data on your behalf according to your instructions. We provide the tools; you control how they're used.

What is a Data Processing Agreement (DPA)?

A Data Processing Agreement is a legally binding contract between a data controller and a data processor. Under Article 28 of the GDPR, this agreement is mandatory whenever personal data is processed by a third party on behalf of a controller.

Our DPA establishes the framework for how we handle your data, including:

✓

Processing Scope

Defines exactly what data we process and for what purposes

✓

Security Measures

Technical and organisational protections we implement

✓

Sub-processors

Third parties we engage and their obligations

✓

Breach Notification

Our commitment to notify you within 72 hours

✓

Data Subject Rights

How we help you fulfil access and deletion requests

✓

International Transfers

Safeguards for data transferred outside the EU

How We Protect Your Data

Security isn't an afterthought — it's built into everything we do. Here are the key measures we implement:

E

Encryption

AES-256 at rest, TLS 1.2+ in transit

A

Access Control

Role-based permissions and MFA

B

Backups

Automated, encrypted, geo-redundant

L

Audit Logging

Comprehensive activity tracking

M

Monitoring

24/7 threat detection

I

Infrastructure

SOC 2, ISO 27001 certified

International Data Transfers

Some of our infrastructure providers are based in the United States. To ensure your data remains protected when transferred internationally, we use:

Standard Contractual Clauses (SCCs)

These are EU-approved contract terms that ensure adequate protection for personal data transferred outside the European Economic Area. We've incorporated the latest SCCs (EU 2021/914) into our DPA.

UK International Data Transfer Addendum

For transfers from the UK, we apply the ICO's International Data Transfer Addendum to ensure compliance with UK GDPR requirements.

Frequently Asked Questions

Do I need to sign a separate DPA?

Our Data Processing Agreement is incorporated into the Terms of Service that you accept when creating an Avantwerk account. You can download and review the full DPA at any time from this page.

How do I exercise data subject rights for my contacts?

The Avantwerk platform provides built-in tools to manage data subject requests. You can search, export, rectify, or delete contact data directly from your dashboard. For bulk requests or assistance, contact our support team.

What happens if there's a data breach?

We commit to notifying you within 72 hours of becoming aware of any personal data breach affecting your data. We'll provide all information needed for you to meet your regulatory obligations and work with you on investigation and remediation.

Can I request an audit?

Yes. Under our DPA, you have the right to audit our compliance. We'll provide documentation and cooperate with reasonable audit requests. Contact us to arrange an audit with reasonable advance notice.

What are my responsibilities as a data controller?

As the controller, you're responsible for ensuring you have a lawful basis to collect and process data, obtaining necessary consents, providing privacy notices to your contacts, and responding to data subject requests. We provide the tools to help you fulfil these obligations.