Compliance

SOC 2 Type II

The Service Organization Controls (SOC) 2 Type II report is an independent report conducted in accordance with the Trust Services Criteria developed and maintained by the American Institute of Certified Professional Accountants (AICPA). It provides assurance that the information security program and control environment of Parsable (a division of CAI Software, LLC) are compliant with those criteria for the period from April 16th, 2021 through January 31, 2022. The report covers the controls Parsable has implemented from both an organizational and a technical perspective, including access management, encryption, code changes and deployment, monitoring, vulnerability management, incident management, risk management, human resources management, vendor management, and more, for the period specified above.

The report helps companies looking to use a cloud service like Parsable properly assess and address the associated risks.

Parsable’s SOC 2 Type II attestation documentation is available to Parsable’s existing and prospective customers upon written request and following execution of Parsable’s Non-Disclosure Agreement (NDA). Parsable undergoes SOC 2 re-certification annually.

Please contact Parsable’s Security team at [email protected] to request a copy of our current SOC 2 documentation.

EU General Data Protection Regulation (GDPR)

We provide this note to answer the questions our customers most frequently ask us about the General Data Protection Regulation (“GDPR”). It does not, and is not intended to, provide legal advice or function as a contractual agreement with respect to data processing activities conducted by Parsable. You should always speak to your own independent legal advisers to understand your legal responsibilities under the GDPR.

What are data protection laws?

In general, data protection laws are laws that govern the way that businesses collect, use, and share personal data about individuals. Among other things, they may require businesses to process individuals’ personal data fairly and lawfully, to allow individuals to exercise legal rights they may have with respect to their personal data (for example, to access, correct or delete their personal data), and to have in place appropriate security protections in order to protect the personal data that they process.

What laws in the European Union govern data protection?

The GDPR (Regulation (EU) 2016/679) is an EU-wide data protection law that has been in force since May 25th, 2018.

The GDPR harmonizes data protection rules across European Union member states.

Who does the GDPR apply to?

The GDPR applies to any organization that is established within the European Union (i.e. is headquartered in or has a subsidiary or branch in the EU). It also applies to any non-EU organization which either:

  • Offers goods or services to individuals in the EU (including free goods and services); or
  • Monitors the behavior of individuals in the EU (for example, through the use of advertising or analytics technologies).

What is a data controller and a data processor?

A data controller is the entity that determines the “purposes and means of the processing” – or, in layman’s terms, how and why personal data will be processed. A data processor processes personal data only on behalf of, and under the instruction of, a data controller.

Is Parsable a controller or processor?

As between Parsable and the customer, Parsable is a data processor. During the course of providing services to its customers, Parsable processes data in accordance with its contractual agreements with customers and its then-current Privacy Policy.

Does Parsable comply with the GDPR?

Like any responsible organization, Parsable aims to comply with the data protection laws that apply to it.

Parsable recognizes that many of its customers will be subject to the GDPR, and will look to their suppliers, such as Parsable, to help support their GDPR compliance. For this reason, Parsable has taken measures such that we feel confident we are able to comply with GDPR.

What is Parsable’s lawful basis for processing personal data?

Art. 6 of the GDPR sets out the lawful bases that Parsable can rely upon, and these include both consent-based and non-consent-based grounds.

In general, Parsable’s lawful basis for processing its customers’ personal data is to provide the Parsable service purchased by a customer pursuant to a Parsable agreement. Parsable processes customers’ personal data as reasonably necessary to fulfill its contractual obligations to its customers and in connection with its other legitimate business interests, as applicable. Further details on Parsable’s processing of personal data can be found in Parsable’s Privacy Policy.

How does Parsable provide transparency to EU data subjects?

In general, Art. 14 of the GDPR requires a controller to provide transparency to individuals when it collects their data from third-party sources. Parsable provides its customers and users a direct link to its Privacy Policy prior to use of its services. Additionally, Parsable provides a publicly accessible Privacy Policy on its website at http://www.parsable.com/privacy-policy in which the rights of EU data subjects are addressed.

Who do I contact if I have further questions?

If you have any further questions about Parsable’s compliance with EU data protection requirements or the GDPR, please contact [email protected].