OPSWAT GDPR FAQ

OPSWAT has always been committed to customers' privacy rights, and our compliance with GDPR is a natural extenstion of that commitment. Below are answers to some commonly asked questions about OPSWAT's GDPR compliance and our privacy policy in general

Is OPSWAT GDPR Compliant?

Yes, OPSWAT is GDPR compliant, both as a trusted data controller and as a trusted data processor.

As a business focused on a great experience for our customers, we need to collect and store certain data about our users in order to properly serve them. However, our privacy policy and internal process are designed to limit the dissemenation of any personal information beyond the business systems required to service our customers. Our business systems are all thrird party data processors that guarantee their ability to i mplement the technical and organizational requirements of the GDPR. Built onto these policies and systems are GDPR specific processes to execute GDPR related transactions upon request of any person that has done business with OPSWAT.

As a manufacturer of state-of-the-art products and online services used by our customers, including products that our customers use specifically to manage data of their related parties (employees, partners, customers, prospects), our products collect and store some user specific data. The data collected and stored is oultined in the product specific sections of the OPSWAT Privacy Policy

How does OPSWAT protect users' privacy and keep that information secure?

As a company which develops and markets cyber security products we take very seriously issues associated with information security, including keeping private the personal data of our users, customers, partners and employees. Our approach to securing personal data is based on both following the guidelines of United States National Institute of Standards and Technology Cyber Security Framework and also the mandates of the European Union General Data Privacy Regulation (GDPR). We employ a combination of best of breed cyber security products, including our own, together with a comprehensive set of internal policies and procedures to collect, store and restrict access to all personal data.

Is the OPSWAT GDPR policy specific only to citizens and residents of the EU?

OPSWAT's privacy policy applies to all of the parties (customers, prospects, partners, vendors, employees, etc.) we work with, regardless of whether those parties are part of the GDPR regulatory scope.

How can I exercise my Personal Privacy Rights with OPSWAT?

OPSWAT.com provides a link to "Request About My Personal Data" (https://go.opswat.com/myuserright) that will allow users who have interacted with OPSWAT to request OPSWAT to delete, restrict, access, and/or rectify your data. This page is a person's starting point for all data privacy related transactions between you and OPSWAT, the company.

How can I exercise my Personal Privacty Rights at a company that uses OPSWAT products to manage data that pertains to me?

If you interact with a company that uses OPSWAT products to manage data, and you want to exercise your privacy rights as it relates to that data, you must contact the company that manages your data; i.e. OPSWAT's customer. OPSWAT provides tools and services to our customers that allow them to manage the data on our systems to comply with GDPR, but OPSWAT itself cannot manage the data directly. In this context, OPSWAT has the role of what the GDPR terms "Data Processor", whereas the company collecting and managing the data is the "Data Collector"; You must initiate your privacy rights with the "Data Collector"

What does OPSWAT do with data we collect?

Internally, OPSWAT uses industry leading, GDPR compliant, 3rd party business systems to manage our relationship with our customers, typically businesses, and the people representing those businesses; these are Marketing systems, Sales systems, and Support systems that all use some personal data to better serve our user community.

Externally, OPSWAT hosts several products that, by the nature of the services the products provide, collect some user data. For products and services available to the general public, our systems anonymize any user data we collect, so that any person accessing this data does not get access to any personal information associated with that data. For products and services that are used by business entities to manage user data, any data collected and stored on our systems is only accessible to that specific business, and we provide those businesses the tools and processes required for them to be GDPR compiant