GDPR General Statement

Associates for International Research, Inc. (AIRINC) knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly. This notice describes how AIRINC adheres to the privacy standards of the GDPR.

GDPR General Statement

The General Data Protection Regulation (GDPR) took effect on May 25th, 2018. The regulation expands upon and replaces the EU Data Protection and Privacy rules with a more comprehensive framework that dictates how the personal information of EU data subjects is used, stored, transmitted and protected, and codified EU data subjects’ rights regarding that data. The GDPR also requires that businesses share with the EU data subject how personal data is being handled; respond to certain data subject requests about that data; and handle such with proper security controls. The regulation also sets a standard for how that data is shared with other controllers and processors and sets guidelines for use or transfer of that information in countries with different laws and regulations regarding data use and transfer. A copy of the text of GDPR can be found here.

How AIRINC adheres to the privacy standards of the GDPR

AIRINC takes very seriously its responsibilities under GDPR and other data protection laws. As the collection of data subjects’ information is part of our business, AIRINC will ensure that information will be handled securely and according to the guidelines of the GDPR. AIRINC has a robust Privacy Policy (https://www.air-inc.com/privacy-policy/) that provides detail on how we collect personal data, what actions are performed on that personal data, how inquiries regarding that personal data can be made and how to contact us regarding any questions or concerns that you may have.

Our commitment to GDPR did not end on May 25th, 2018 as we are constantly improving our policies and procedures to adhere to the standard and to go a step further to ensure all data we collect is properly protected. The GDPR is not another checkbox for AIRINC but a process of improvement of our Information Security program and the controls we have in place to ensure the data we collect is done so properly, our systems are tested and our employees are trained to understand the regulation and other data protection laws. The goal is not only to ensure we are GDPR compliant but to provide a better service to our users.

AIRINC strives to be transparent with how we are collecting data regarding our customers and providing information to them on the data that we currently have. All our teams work to ensure that the data collected is only what is needed to provide the best service and utilizes data subjects’ information for the purpose of fulfilling those services only. AIRINC is Privacy Shield certified which requires the company to adhere to requirements for transference of data between the EU and US and Switzerland and the US.

GDPR FAQ

How does AIRINC adhere to the GDPR?

AIRINC complies with and follows the direction of the GDPR in each of its business functions. Upon analysis of the regulation, AIRINC reviewed its environment to determine how customer data is acquired and stored and made necessary adjustments to our policies, procedures and security controls. As AIRINC works with clients around the world, we have worked to ensure that our current services adhere to the GDPR and we will apply what we learned to all future services we build.

How does AIRINC comply with the requirements for transferring data between the EU and US?

AIRINC is a Privacy Shield certified company and adheres to the framework set forth by the US Department of Commerce, Swiss Administration and EU Commission. Detail regarding our certification and the requirements we have set forth for AIRINC can be found in the Privacy Policy (https://www.air-inc.com/privacy-policy/).

Does AIRINC comply with the data transference requirements of the GDPR regarding third parties?

Once AIRINC collects a data subject’s personal information it avoids as much as possible sharing that information with any vendor, third party, contractor or other type of outside service. Once AIRINC collects the personal information, it is stored in our systems and is not transferred outside of our network to any controllers or subprocessors without explicit permission from our clients. AIRINC never sells personal data to other companies, and to the extent it is ever shared, it is only to complete the purpose for which the data was acquired.

Does the Privacy Policy reflect the changes required by the GDPR?

Yes. Our Privacy policy can be found here (https://www.air-inc.com/privacy-policy/) and outlines what actions AIRINC performs on personal information and how that information is collected. The policy also includes contact information where further questions and concerns can be addressed.

How can an EU citizen request to have their information removed or modified? Is there a process for viewing the information that AIRINC has when request by an EU citizen?

Within the AIRINC Privacy Policy there is an Enforcement section that provides contact information on how to reach us regarding any questions or concerns you may have on your data privacy within the GDRP directives. This same contact information can be used for questions related to data subject access requests, portability, erasure, etc. The contact information is as follows:

Associates for International Research, Inc.
Attention: Privacy
675 Massachusetts Avenue
Cambridge, MA 02139
Telephone (617) 250-6700 | Fax: (617) 354-2135
e-mail: privacy@air-inc.com

How can an AIRINC customer enter into a Data Protection Agreement (DPA) with AIRINC?

As required by GDPR, AIRINC’s data processing is governed by our privacy policies and DPA’s signed with our customers. Our standard DPA agreement can be found here.

©2004-2018 AIRINC All rights reserved.

Share This