Privacy & Compliance

Privacy Policy & GDPR

How REDA One LLC handles, protects, and processes your data — aligned with global data protection standards.

Effective: July 1, 2024

GDPR Compliant

REDA One and GDPR

Consistent with REDA One's commitment to the data privacy of its customers, we offer this overview of the EU General Data Protection Regulation (GDPR), which became effective July 1, 2024. This overview helps our customers and data subjects navigate the requirements of GDPR and understand how it impacts our relationships and the services we provide.

Who and What Does the GDPR Protect?

What is the GDPR?

The GDPR is a regulation passed by the European Union (EU) that dramatically expands the data privacy rights of EU citizens and imposes new obligations on businesses that collect, use, or store personal data regarding these EU citizens. It serves as a single set of privacy and security standards for the EU, replacing the previous patchwork of European privacy rules.

What Does It Protect?

The GDPR protects "personal data" regarding "data subjects." This includes any information related to a natural person that can be used to directly or indirectly identify that person. Examples of personal data include:

  • Financial information
  • Personal and family details
  • Education and employment information
  • Medical information

Which Businesses Must Comply?

The GDPR applies to businesses that engage in certain activities concerning personal data and have established certain contacts with the EU.

GDPR Activities

GDPR applies to all "controllers" and "processors" of personal data. Processing refers broadly to any treatment of personal data, including collection, use, recording, storage, and disclosure. A controller determines the purposes and means of processing personal data, while the processor is responsible for processing personal data on behalf of a controller.

EU Contacts

A business is covered by the GDPR as a controller or processor if it meets at least one of the following conditions:

  • The business is established in the EU and processes personal data in the context of the activities of that establishment, regardless of where the processing takes place.
  • The business is not established in the EU, but offers goods or services to EU data subjects or monitors their behavior.

As a result, the GDPR can apply to processing of personal data that a business performs outside the EU.

Core Data Protection Principles

GDPR sets forth a set of core principles with which covered controllers and processors must comply when processing personal data:

  • Lawfulness, Fairness & Transparency: Personal data must be processed lawfully, fairly, and in a transparent manner.
  • Purpose Limitation: Personal data may only be collected for specified, explicit, and legitimate purposes.
  • Data Minimization: Processing must be limited to data that is adequate, relevant, and necessary.
  • Accuracy: Reasonable steps must be taken to ensure personal data is accurate and kept up to date.
  • Storage Limitation: Personal data may only be stored as long as necessary for appropriate processing.
  • Integrity & Confidentiality: Data must be processed with appropriate security against unauthorized access or loss.
  • Accountability: The controller must be able to demonstrate compliance with all data protection principles.

Specific GDPR Requirements

Examples of specific compliance requirements that GDPR-covered businesses must meet include:

  • Obtaining consent of data subjects for data processing
  • Anonymizing collected data under certain circumstances to protect privacy
  • Providing data subjects with breach notifications
  • Safely storing and transferring protected data
  • Under certain circumstances, appointing a data protection officer to oversee GDPR compliance

The GDPR mandates a baseline set of standards for companies that handle EU citizens' data to better safeguard the processing and movement of citizens' personal data.

Data Processing Agreements

Pursuant to EU law, including the GDPR, covered controllers and processors of personal data must use third-party processors that provide sufficient guarantees that processing will be consistent with applicable EU standards.

The data processing agreement or addendum ("DPA") is an instrument to establish these duties. The GDPR sets forth specific elements that must be included in DPAs between covered controllers and processors, or processors and sub-processors.

REDA One has analyzed these requirements and offers DPAs to its customers as necessary to comply with applicable law.

How REDA One Processes Data

REDA One provides customizable applications and related services to help businesses analyze and report financial data to meet their specific needs.

Salesforce Relationship

REDA One has selected Salesforce as the exclusive host for our applications. Our customers interface directly with Salesforce to populate and access data. Customers utilize the REDA One application autonomously within Salesforce's environment.

At all times, all customer data resides on Salesforce's infrastructure and is subject to its terms and conditions.

REDA One Data Access

REDA One will only access customer data on the Salesforce platform for troubleshooting and related purposes upon a customer's request. We provide our customers with the ability to grant data access credentials for REDA One's workforce.

REDA One and its workforce do not export customer data from the Salesforce platform.

Questions About Our Privacy Practices?

For any additional questions about data processing, GDPR compliance, or to request a Data Processing Agreement, please contact us.

Contact: info@reda.one