GDPR Data SubProcessor FAQs

Are Clari vendors GDPR compliant?

Yes. Clari is committed to maintaining GDPR compliance and as such, we assess our vendors for EU GDPR compliance as well regardless of their geographical location.

Does Clari have a signed Data Processing Addendum (DPA) with its vendors?

Yes. This is part of our EU GDPR compliance process in onboarding vendors. Clari only engages with a sub-processor that can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected.

How does Clari verify that its vendors (GRPD sub-processors) are compliant with EU GDPR?

Yes. Clari performs a Data Protection Impact Assessment (DPIA) based on Data Subjects GDPR 8 fundamental rights:

  1. The right to be informed
  2. The right of access
  3. The right of rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights of automated decision making and profiling                

Do Clari GDPR sub-processors hold other certifications?

Yes. In addition to being GDPR compliant, Clari looks for validation that its data sub-processors hold two or more of the following industry accreditations: SOC 2 Type II, ISO 2701, EU-U.S. and Swiss-U.S. Privacy Shield and ISACA.

Why does Clari look for Industry Security certifications in addition to GDPR compliance for its data sub-processors?

Clari takes a holistic approach to Risk Management. We believe that by requiring that our vendors meet and maintain those industry certifications allows Clari to better monitor vendor performance for security and data protection of our customers.

How does Clari guarantee on-going GDPR data sub-processor compliance?

Clari performs a review for compliance of its vendors on a yearly basis as part of Clari Third Party Management Policy