CAREAR SECURITY AND TRUST CENTER
Compliance Engineered for the Cloud
To affirm our unwavering commitment to Trust, CareAR upholds compliance reports and attestations as a testament to our core values.
The SOC2 Type 2 report is an independent auditor’s attestation of the security controls that CareAR has had in place during the report’s coverage period. The report is provided so that customers and prospects can review it and confirm that there are no exceptions to the documented policies and procedures in the policy documentation.
General Data Protection Regulation
The European Union’s General Data Protection Regulation (GDPR) became effective on May 25, 2018. This regulation is the EU’s attempt to provide better protection of personal data and privacy protection for EU citizens and to allow them greater control over their personal data.
CareAR was founded after the GDPR went into effect, which gave us the advantage of designing a service with privacy protections included from the beginning. The protection of personal data is fundamental to the trust CareAR users expect when choosing our service. This publication contains highlights of our commitment to privacy and data protection. Our formal description is available on our website here: https://carear.com/privacy-policy/
On the privacy page on our website (link above), CareAR sets forth the process for data subjects to exercise their rights and provides a link to communicate with us on privacy-related topics such as when data subjects want to request a copy of their personal data, request deletion or restrict processing of it, or if they wish to withdraw their consent to use of their personal data. As the law requires, before we process any data subject requests, the data subject must reasonably authenticate themselves and provide assurances that the personal data belongs to them. To the extent required by our customer contracts, where we are able to associate a data subject with a specific customer, we consult with the customer to confirm that we may comply with the data subject’s request.
A list of our subprocessors is publicly available at http://carear.com/gdpr-subprocessors and we have contractual arrangements with each that satisfy GDPR requirements. This list is evergreen and will be promptly updated as we bring new subprocessors into our production environment.
Finally, as part of Xerox, we have the benefit of consultation with Xerox’s global Chief Privacy Officer and information security team. This bolsters our commitment to data protection and privacy and ensures that we have internal policies, processes, and protections in place for the personal data we handle. In addition, our employees are all required to take annual information security and privacy training to ensure that they understand how to handle and protect personal data. We also have well-documented methods for our employees to report potential security incidents as well as an anonymous whistleblower hotline to report abuses without the fear of retribution.
Our Ongoing Commitment To Privacy And Data Protection
At CareAR, we believe that this process does not end with GDPR regulations. We are committed to continually improving the protection of the personal data we collect and process.