Customer information regarding transfer of personal data to third country and the Schrems II case

Atea values data privacy and being a trustworthy supplier we are committed to keep your data secure. In a recent decision, the European Court of Justice ruled in Case C-311/18 (the “Schrems II case”) that the EU-US Privacy Shield Agreement does not provide adequate protection for personal data when transferred to the US. The invalidation of the Privacy Shield means that personal data controllers within the EU, are no longer allowed to transfer personal data to recipients in the United States on the basis of the Privacy Shield.

Because the court’s judgement had immediate effect, customers have asked how this decision impacts Atea, including our actions taken to ensure that the transfers of data are valid.

Accordingly we review the legal mechanism we use for third-country transfers in our agreements to align with Schrems II court decision. This means that we perform risk assessments for each U.S.- based vendor and sub-processor for required level of protection and use of Standard Contractual Clauses to comply with Chapter V of the General Data Protection Regulation on the transfer of personal data to third countries.

Compliance with GDPR

GDPR (General Data Protection Regulation) is the EU regulation for protection of personal data that came into force on May 25th, 2018 and it has replaced the 95/46/EC Directive for protection of personal data. Regulation has strengthened the rights that EU citizens have over their personal data.

Atea is committed to protect the privacy and security of the personal data of our customers and employees. Like many others, Atea works hard to ensure that the Atea Privacy Program meets the highest standards of data protection.

This is not a new effort for us, but rather a continuous commitment to our customers and employees regarding our data collection, use, retention, and sharing practices. This is also a continuous commitment to implement appropriate technical security measures to protect all Atea interested parties. Atea has full transparency on the Atea Privacy Program.

Atea builds on the foundation and discipline necessary to provide solutions that fuse technology, creativity, and values with extended embedded privacy and security by design.

The Atea Privacy Program is managed by a corporate governance structure with local DPOs in every Country Atea operates in. Atea’s corporate governance structure ensures engagement from senior management on data privacy and security issues, alignment of policies, procedures and technical controls.
Atea Group executes GDPR audit on every Atea Countries to control compliance with GDPR on yearly basis. Findings from GDPR audit are monitored for completion to improve and increase the GDPR compliance level within Atea.

Review: 09.04.2021