Antistat Inc. provides ESD consumables and cleanroom technology supplies – we are committed to protecting any data that we collect concerning you or your organization. By using our services you agree to the use of the data that we collect in accordance with this Policy.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU) that was enforced from May 25th 2018.
Antistat Inc. is committed to high standards of information security, privacy and transparency, across its global sites. The company strives to comply with applicable GDPR regulations, including its position as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.
Antistat Inc. places high importance on information security and within The Group, we comply with a number of standards that also focus on information data security standards including ISO9001 and PCI-DSS.
The company is registered with the ICO in the UK (International Commissioners Office) under registration number ZA291340 with trading names listed as Ant Group, Antistat, Integrity Cleanroom, Cyberpac, Cygna & Acupaq – organization name is The E.S.D Control Centre Limited.
GDPR imposed new obligations on organizations that control or process relevant personal data and introduces new rights and protections for EU data subjects. The GDPR applies to data processing carried out by organizations operating within the EU. It also applies to companies outside the EU that offer goods or services to individuals within the EU.
Antistat Inc. with the GDPR as a processor and controller of data and planned and developed a programme of works which delivers what is required by the legislation. This involved working with our suppliers and partner organizations to ensure they can meet these obligations. We have engaged an external advisor to ensure we delivered best practice in compliance, and our programme falls into these areas:
Customer Contracts: Our Service Agreements already addresses GDPR compliance.
Policy Development: We reviewed/ refreshed and developed our range of policies including (but not limited to) our ISO-9001 Controls, PCI-DSS, Data Breach Policy, Business Continuity Plans, Subject Access Requests, Individuals Rights, best data protection practice.
Data Impact Assessments & Data Inventory: We undertook a systematic review of the data we store, manage, maintain, collect, process and control. This included offline storage and paper records. Assessments of the data reviewed information flow, any data transfers, risk reviews, and structural position in relation to Lawfulness, Purpose, Minimization, Accuracy, Consent, Limitation, Integrity & Confidentiality, Record Keeping and Accountability.
Training & Awareness: We undertook a rolling training programme across the Group on the GDPR and its impact on the new policies, procedures, and responsibilities of staff & stakeholders in this new regime.
Supplier & Partner relationships: Where relevant and related, we used all reasonable endeavors to ensure that our third party and suppliers are complying with GDPR and Antistat Inc. Policies.
Technology: we reviewed our technology platforms to analyse their operation, security, compliance in order to ensure that they meet the standards we have laid down and identify any gaps and risks.
Antistat Inc. data security team, our senior management and advisors will continue to monitor the programme up to May 2018 and beyond.
May 1st 2019 Article Addendum 7.4