September 19, 2021
RED Atlas Inc. and affiliates (“RED Atlas”) are committed to
compliance with their data protection obligations throughout the
world. This Intra-Group Personal Data Protection Statement
(“Statement”) sets out the privacy principles RED Atlas follows
with respect to personal information that it transfers from the
European Union, European Economic Area, and Switzerland
(collectively, “EU”) or the United Kingdom (“UK”), in accordance
with the EU General Data Protection Regulation (“GDPR”) and UK
GDPR.
RED Atlas has implemented robust processes and protections to
meet the requirements of transferring personal information to
third countries in accordance with applicable data protection
laws. Accordingly, the relevant RED Atlas companies have entered
into Intra-Group Personal Data Protection Agreements (“IGAs”) to
ensure that personal information transferred from the EU or UK
is subject to appropriate safeguards, and to clearly identify
the Bloomberg companies responsible for transfers of personal
information from the EU or UK.
The IGAs incorporate unchanged EU Commission Standard
Contractual Clauses (“SCCs”), which include specific obligations
and rights around transfers of personal information and ensure
that any personal information leaving the EU and/ or UK will be
transferred by RED Atlas in compliance with applicable EU and UK
data protection laws. The IGAs include the operational
procedures and security measures we use to maintain the accuracy
and integrity of personal information and protect personal
information.
We regularly review and update our governance framework, including roles and responsibilities of personnel, and maintain a working group to oversee data protection regulation compliance and document results and decisions as they relate to personal information management.
We map the personal data life cycle and maintain a personal data map inventory, including documenting personal data flows within RED Atlas’s systems and any disclosures to third-party systems.
We invest in and maintain organizational, technical, and physical safeguards intended to ensure the protection of personal information. We engage in ongoing monitoring and testing of the efficacy of these safeguards. Our data centers are dedicated solely to our products, services, and operations, and have secure and monitored access controls.
We integrate personal data mapping and accountability into our product design processes and build personal data security into our development and product life cycles.
We regularly review and update our policies, procedures, and controls to address our data protection obligations. We conduct data protection executive education and tailored training programs for data protection compliance.
The RED Atlas companies involved in personal information transfer and management are identified in the IGAs as Data Exporter(s) or Data Importer(s). RED Atlas is an independent Data Controller unless otherwise specified. With respect to specific products and services where RED Atlas acts as a Data Processor to our customers, we make available to our customers additional data processing terms, including unchanged EU-Commission approved Controller-to-Processor SCCs.
Questions or comments regarding this Statement should be submitted to RED Atlas’s privacy team at the following address:
Or by emailing privacy@atlas.red
This Statement may be amended from time to time, consistent with the requirements of applicable law, and will be effective immediately.