Protecting personal and other confidential data is fundamental to our business.
As of May 25, 2018, the new General Data Protection Regulation gives EU citizens and residents more control over their personal data and strengthens their data privacy protections.
While the GDPR goes further than other personal privacy laws, we're expecting other jurisdictions will continue to adopt greater protections.
The GDPR is intended to protect citizens and residents in the EU. However, any organization that collects, stores, transfers, or uses EU personal data must comply:
The GDPR and other privacy laws governing use and protection of personal information generally establish rights and obligations in two buckets:
The security obligations apply to data controllers and data processors.
A data controller is the party in charge and makes the decisions about what personal data to collect and what to do with it.
A data processor is a service provider that carries out the controller's directions respecting the personal data.
Relativity, as a company, is only a data processor for personal data that customers import into our SaaS product, RelativityOne. We do not review your personal or other case data, but we give you the tools to search, analyze, and act on it.
Relativity, as a company, is a controller for personal data we collect for other corporate purposes.
Security is integral to who we are and ingrained in how we operate. We take technical and organizational measures to ensure our products, systems, and facilities are secure for personal and other confidential data.
We have a chief security officer, security team, and compliance team, and we take pride in our ISO 27001 Certification, SOC 2 audit, and HIPAA compliance.
We do not know if customer data in RelativityOne is personal, a trade secret, or other sensitive data. So, we give all customer data our highest protection classification.
We're not just thinking about how our company stays ahead of privacy requirements, but how the security and design of our products supports our customers and their compliance with the GDPR.
Relativity on-premises and RelativityOne include search and analytics tools to help you locate personal information records within a Relativity workspace that may contain personal data, as well as delete, modify, or export the information as needed to comply with your GDPR obligations.
The GDPR contains many exceptions for judicial actions, legitimate interests, and legal obligations that may apply to the data you have stored within Relativity or RelativityOne.
You might violate local court rules if you modify or delete personal information from your case data prematurely. Always consult with a local data privacy legal expert before taking privacy-related actions with your data in Relativity or RelativityOne.
Though we don't provide services to locate, delete, modify, or export your personal or other customer data in our products, our team is always on hand to help you make the most of Relativity and RelativityOne, including training on how to locate records within a Relativity workspace, and how to delete, modify, or export data containing personal data for GDPR compliance.