GDPR Policy

Avvoka takes its users’ privacy seriously and takes various steps to ensure compliance with the wording and spirit of data protection legislation, including the General Data Protection Regulation (“GDPR”).

1.     What is the lawful basis for the processing of personal data?

The lawful basis for the processing of personal data processed by Avvoka is consent. This consent fulfils the requirements of the GDPR, ie it is freely given, informed (with users being provided with the privacy policy before consenting) and affirmative.

 

2.     Avvoka’s privacy policy

Avvoka’s privacy policy, which can be accessed at https://avvoka.com/privacy-policy conforms with the requirements of the GDPR. That is that it is designed to be

  1. Concise,
  2. Transparent,
  3. Intelligible
  4. In plain English.

 

3.     Data subject rights

Avvoka recognises the rights of data subjects under the GDPR and has ensured that these can be easily exercised.

The right to receive a privacy notice is respected by making the privacy notice accessible on the Avvoka website.

The right to correct incorrect personal data is respected through the ability of data subjects to send a correction request to our data protection email address (dataprotection@avvoka.com).

The right to have personal data erased under certain circumstances is respected through the ability of users to make a request for information erasure to our data protection email address.

Users can also make a subject access request to our data protection email address to receive a copy of the personal data Avvoka has collected about them.

 

4.     Data location

Data is stored by Avvoka only in jurisdictions which provide the level of protection required under the GDPR. The main application server is based within the United Kingdom, with the backup location in France, both EU countries bound by the GDPR.

 

5.     Data retention and destruction

Avvoka ensures that data is retained only when necessary, with data being deleted following a request by a data subject.

 

6.     Ensuring data security

Avvoka takes the security of the data it controls and processes seriously. Secure password strength policies are enforced and two factor authentication is recommended to ensure that users’ accounts are secure.

To ensure security against external attacks we are ISO 27001, an internationally recognised information security standard, certified and carry out an annual external penetration test on the application (the most recent test was carried out in Q3 2020).

Our application is hosted by OVH who have robust security protocols in place to ensure that the integrity of data is maintained. The OVH data centre is strictly controlled and monitored using a variety of physical controls, intrusion detection systems, environmental security measures, 24 x 7 on-site security staff, biometric scanning, multi-factor authentications, video surveillance and other electronic means. All physical and electronic access to data centres by OVH employees is authorised strictly on a least privileged basis and is logged and audited routinely.

 

7.     Security breach management

In the unlikely event of a security breach Avvoka has robust procedures in place to ensure the identification of any compromised information and notify any affected individuals, as well as bodies required by law to be notified.