The GDPR requires that data controllers (such as organizations and developers using ANKO's services) only use data processors (such as ANKO) that process personal data on the data controller's behalf and provide adequate guarantees to meet specific requirements of the GDPR. ANKO provides these commitments to all our customers by incorporating ANKO's Data Processing Addendum into the ANKO Technologies Terms of Service.
ANKO contractual commitments relevant to the GDPR:
- ANKO strives to be transparent and commits to use personal data only as stated in our agreement about delivering our services or as otherwise instructed by our customers.
- ANKO maintains appropriate technical and organizational security measures to protect the personal data we process.
- ANKO assists customers in fulfilling their obligations when data subjects exercise the rights attached to the personal data processed using our services (such as requests for information, access, rectification, and deletion).
International data transfer support
In July 2020, the Court of Justice of the European Union (the "CJEU") ruled on case C-311/18 (commonly referred to as the "Schrems II decision") concerning the validity of data transfers outside the EEA. The Schrems II decision stemmed from a complaint made by an Austrian data subject, Maximillian Schrems, concerning transfers of his personal data to the United States and the potential for U.S. government agencies to access his data.
In the Schrems II decision, the CJEU held that the EU-U.S. Privacy Shield framework no longer provided a lawful means to transfer personal data from the EEA to the United States.
But importantly, the CJEU also held that the European Commission's Standard Contractual Clauses (or "SCCs") — which form the basis of ANKO's international transfers — remain a lawful mechanism for transferring personal data from the EEA to non-EEA countries.
Following this decision, the European Commission published new SCCs in June 2021. ANKO has incorporated the new SCCs into applicable agreements following the transition periods specified by the European Commission (i.e., by 27 September 2021 for new contracts and by 27 December 2022 for existing contracts). Please see our Customer FAQs on the new SCCs for further information.
Specific reliable measures to ensure data protection
ANKO is committed to maintaining a high level of security:
- ANKO leverages various encryption technologies to protect data in transit and at rest.
- ANKO utilizes security measures to support our processing systems and services' ongoing confidentiality, integrity, availability, and resilience.
- ANKO takes measures to facilitate the restoration of availability and access to our processing systems and services promptly in case of a physical or technical incident.
- ANKO implements a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures to support the security of the data we process.
ANKO provides its services with GDPR requirements at the front.
ANKO is committed to providing services that align with GDPR requirements and foster the protection of the personal data processed through our services.