iStaging GDPR Compliance Statement
Last update: August 27th, 2023
iStaging Commitment
iStaging is committed to ensuring the privacy protection and security of the personal data we collect and process. Using technical and managerial approaches, we have always maintained a consistent and compliant way of managing the protection of personal data. A GDPR Compliance Program is in place to guide all processes and business activities to comply with GDPR and the data protection principles.
iStaging is dedicated to safeguarding the personal data processed by us, our systems and services, and to providing robust and effective protection of the privacy of personal data in all services we offer to customers.
Our preparation and objectives for compliance with GDPR are summarized in this compliance statement, including the development and implementation of data protection policies, procedures, the privacy protection organization, system monitoring and compliance audits, which ensure maximum and ongoing compliance with GDPR.
We want to share with you here briefly how iStaging ensures compliance with GDPR.
iStaging Preparation:
Compliance Training – We hold Compliance Training annually for all employees on the legal compliance requirements of GDPR and other IT security legislation. The training ensures that all teams understand the requirements, how and why we collect, process, and retain personal data, and how to legally use and protect the data.
Compliance Audit – External security and compliance experts (a Technical Expert and an EU Lawyer) have checked GDPR compliance for all the data flows of our services and operations. In addition, the Internal Audit team will review the effectiveness of our Compliance Program every year.
Information Security – We conduct technical assessments periodically or when new systems or services are released. The assessments include:
- Vulnerability Scans (Internal or External), Quarterly
- Penetration Tests of Core Systems, Annually
- Code Reviews, Annually or before release
All assessments are conducted by security professionals.
Privacy Statements and Terms of Use – We have reviewed and updated our Privacy Statements and Terms of Use to ensure that all the individuals whose personal data we process have been informed about why we collect it, how the data will be processed and used, what their rights are, whom the information is disclosed to and what safeguarding measures are in place to protect their information. All the data processing details are communicated to the users of our services, and all our processing has a legal basis and is transparent to our users.
Data Subjects' Rights – We have reviewed our processes to ensure that the data subject's rights are preserved, including consent, subject access requests, and the rights of erasure and correction.
Data Protection Officer – We have appointed a Data Protection Officer who is an independent officer for personal data protection. Customers or users of our services can contact the DPO directly with issues or questions relating to personal data.
Data Breaches – We have Incident Management procedures and exercises to ensure we have consistent and effective control procedures for handling a data breach, including guidance for informing customers, users and the authorities in a timely manner.
If you have any questions about our GDPR compliance, please contact us via email at [email protected]
iStaging Corp. | Unified Business Number 25115795
Copyright © 2024 iStaging Corp. All Rights Reserved.