We value your privacy

We use cookies to improve the user experience and analyze its performance.

Privacy Policy

ReconArt, Inc.

SITE PRIVACY POLICY

This Privacy Policy governs the manner in which ReconArt, Inc. (“ReconArt”) collects, uses, maintains and discloses information collected from users (each, a “User”) of the ReconArt.com website (“Site”). This privacy policy applies to the Site and all products and services offered by ReconArt.

Personal identification information

We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.

Non-personal identification information

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet Service Providers utilized and other similar information.

Web browser cookies

Our Site may use “cookies” to enhance User experience. User’s web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

How we use collected information

ReconArt may collect and use Users personal information for the following purposes:

  • To improve customer service:  Information you provide helps us respond to your customer service requests and support needs more efficiently.
  • To personalize user experience:  We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
  • To improve our Site:  We may use feedback you provide to improve our products and services.
  • To send periodic emails:  We may use the email address to respond to their inquiries, questions, and/or other requests.

 

How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.

Sharing your personal information

We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.

Changes to this privacy policy

ReconArt has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

Your acceptance of these terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

Contacting us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at: ReconArt – info[at]reconart[dot]com

reconart logo
  • The Solution
    • Bank Reconciliation Software
    • Credit Card Reconciliation Software
    • AP / AR reconciliation Software
    • Securities, Positions&Trades Reconciliation
    • Financial Close Management Platform
      • Financial close: task management
      • Financial close: Balance sheet reconciliation and certification
      • Financial close: Variance analysis
    • Journal Entries Approval Workflow
    • Intercompany Reconciliation Software
    • API for integration of Reconart with other systems
  • Editions
    • Essentials
    • Plus
    • Certify
    • Close
    • Enterprise
  • Software overview
    • About Us
    • Software Profile
    • Automation Tool
    • Netsuite Account Reconciliation
    • Integration Ready
    • Customer & Industry Profile
    • Implementation & Support
    • Product Evolution
  • Case Studies
  • Partners
  • Blog
  • Contact Us
main image
ReconArt 
Blog
arrow-right icon follow our blog
Nov / 19 / 2021

GDPR and ReconArt – Our Commitment to Data Privacy

GDPR: What is it all about?

The European Union’s General Data Protection Regulation (GDPR) officially comes into effect on May 25, 2018. The compliance deadline which was a long time coming is now only 1 short week away, and even in the final days, the affected portion of the business world has been buzzing with activities on the topic, aiming to fully understand and comply with this expansive new regulation. It’s no surprise, as the GDPR touches any and all organizations that are established in the EU and/or are processing personal data of EU-based individuals. It aims to standardize the framework for handling personal data, bringing new requirements for organizations and new rights for individuals.

To put it simply, the GDPR is about changing our collective, overall mindset about data privacy – what it is, who it belongs to, who is accountable for it, and what are the general requirements for dealing with it, plus the potential consequences for not dealing with it appropriately. The GDPR builds upon the 1995 EU Data Protection Directive, aiming to enhance that with the rapid technological expansion and change since then. It expressly introduces several new principles and concepts, ultimately aiming to motivate organizations to take more responsibility for protecting the personal data they handle.

ReconArt and GDPR

GDPR & ReconArt

While every organization’s path to complying with GDPR is likely to be different (driven by factors like company size, type and amount of data it processes, current security and privacy measures, etc.), all relevant parties have specific responsibilities to analyze, implement, and maintain as part of GDPR compliance.

The ReconArt team has committed focus and resources on understanding GDPR requirements, assigning a dedicated team with Legal and Technical expertise to make the solution and all applicable processes compliant and ensure Client data is protected in accordance with the ISO27001 standard and GDPR requirements.

Best practices and efforts in security and data privacy have always been a top priority at ReconArt. As an ISO27001 certified organization, ReconArt already follows some of the most widely-accepted security and privacy standards and regulations in the world. According to “IAPP-OneTrust Research: Bridging ISO 27001 to GDPR”, there is significant overlap between ISO27001 and GDPR because at their core, they both aim for “reducing risk to people and organizations caused by misuse of personal data” and thus, “ISO 27001-certifed organizations are well positioned to respond to many GDPR priorities” especially in the areas of Breach notification, Vendor management, Recordkeeping, Privacy by design, and Data subject rights.

ReconArt rolled out a GDPR compliance strategy for our worldwide operations with primary focus on our operations and Clients in European Union. Below are some of the specific initiatives that took place in order to ensure compliance with GDPR requirements:

  • Security by design: the ReconArt solution is designed in accordance with the ISO27001 standard, which mirrors many of the security and privacy requirements from GDPR
  • We are committed to implement any additional security and privacy measures required under GDPR if such appear as part of, or addition to, the regulation
  • Data transfers between Client and ReconArt environments are secured with encryption and use secured transfers.
  • Dedicated Client ReconArt systems are accessible only from whitelisted Client networks
  • Where appropriate, enterprise-class authentication tools can be integrated with ReconArt (Okta, OneLogin, Active Directory). This way even higher security standards, such as dual authentication, can be enforced
  • EU Client data is stored in a secured data center in Europe. We use two Armor datacenters located in London and Amsterdam to host those systems
  • As a processor, assisting with the security and privacy of the processing, including notifying controllers in the event of breaches
  • Providing ReconArt support personnel who has access to Client data with the appropriate training for keeping the confidentiality and security of that data
  • Holding any vendors (hosting partners) that handle personal data to the same standards as ReconArt.
  • Through a GDPR-compliant Data Processing Addendum to our standard Agreement, obtaining from customers a classification of personal data used for reconciliation (if any) and taking the relevant measures to protect this data via technical and process-related activities.
  • Carrying out data impact assessments and consulting with EU and local regulators where appropriate.

GDPR and ReconArt: Frequently Asked Questions

 

Does ReconArt process Personal Data on behalf of its customers?

By default, ReconArt uses low risk personal data like name, email and phone number to create logins for customers in the system. In case customers (Controllers) do not want to provide such personal data, they can use third party authentication method (Okta, OneLogin or Active Directory). In this case only a login will be needed in ReconArt, which does not contain personal data itself. The other details can be protected using pseudonymization in ReconArt as they are not needed for the login process. In case internal authentication is used, email is needed for system activities (e.g. password resets). All other fields are either optional or can be pseudonymized if the Client wishes to protect them.

ReconArt does not have information whether Clients use personal data as part of the data they choose to upload and reconcile in the system. To provide protection of this data, all personal data that is uploaded in the system has to be described by the customer with the appropriate classification. In this case, ReconArt will take the necessary measures to protect this data according to the GDPR requirements.

 

Where does ReconArt process my data?

Our hosted environments are hosted on a carefully selected third party data center – Armor (https://www.armor.com/) that holds a number of security certifications, including SSAE16, PCI, HIPAA, GDPR (https://www.armor.com/compliance/). For European customers, we use London and Amsterdam Armor locations to host the production environments. Test environments are hosted either on Armor as well, or within ReconArt’s own datacenter in Bulgaria.

 

How does ReconArt protect my data?

Production environments are protected via the following measures, addressing critical areas of GDPR compliance:

  • Network :
    • Intrusion Detection: detects malicious traffic that could result in data breaches
    • Vulnerability Scanning: reduces attack surface by identifying improper configurations and missing patches/updates
    • IP Reputation Management: effective first-line-of-defense in blocking IP addresses associated with threat actors
    • Web Application Firewall: provide effective detection and blocking of traffic associated with malicious application behavior such as cross-site scripts, SQL injection.
  • Server
    • File Integrity Monitoring: monitors unauthorized changes to critical files
    • O/S Patching: addresses O/S vulnerabilities
    • Malware Protection: protects systems from viruses and malware
    • O/S Log Management: records history of important O/S events for response and forensics investigations
  • Administration
    • Security Dashboard: facilitates documentation of security posture and incident communication
    • Incident Response: provides quick and prioritized response to incident
  • Data security
    • All backups are encrypted with enterprise class 256bit security algorithm.

 

Is it possible to anonymize or pseudonymize all personal data I am reconciling in ReconArt?

Yes, but this has to be done on the Controller (Client) side. ReconArt itself does not require any personal data at all for reconciliation purposes and to the best of our knowledge, only in rare cases low risk personal data can be used (e.g. partial names and addresses). The Client has full control to decide what data to load and in what form.

 

Is it possible to encrypt all personal data I am reconciling in ReconArt?

Yes, it’s technologically possible, however there are two aspects to consider:

  • All data that is classified as personal has to be described and provided from the Client to ReconArt. After appropriate measures for data protection are agreed, ReconArt will implement them.
  • Some methods for encryption on database level may limit some of the ReconArt functionality – for example, if string data is encrypted, then substring functions may not work as part of the reconciliation rules.

 

Can you guarantee that my data will stay in a certain location (e.g., Europe)?

Yes, ReconArt will place the production and test environments according to the location of the customer and data protection requirements. Customers from United States will have their data located in the US and our customers outside US and EU will have systems located in Armor data center that will provide best performance, unless otherwise required.

 

What security related certifications does ReconArt have?

ReconArt is ISO27001 certified within the European subsidiary. The same processes are rolled out and implemented in the US office where the certification process is in progress and will be completed by the end of 2018.

ReconArt recommendations for our Clients (Controllers)

It is important that our Clients, as Data Controllers, are aware of their own obligations under GDPR – these tend to be more expansive than those for entities considered “Processors”. Due to the nature of ReconArt’s offering and the fact that, for the most part, our Clients manage their ReconArt systems independently, mutual efforts are needed to ensure GDPR compliance in the event private data will be used. This includes the Client’s proper outlining and classifying of the personal data so that ReconArt can ensure the proper GDPR compliance measures are taken to protect it.

 

No provider can figure out GDPR compliance on your behalf

It’s important to treat GDPR not purely as a legal issue that can be solved by an appropriate Data Processing Agreement, but as a comprehensive matter that touches many aspects of the business. Every organization needs to complete its own legal, technical, and operational analysis to fully understand GDPR and its own role in it, and to implement it comprehensively. It is recommended that this analysis include internal resources as well as independent expertise, and that ultimately it produces a compliance strategy.

 

Understand your data

As a Data Controller, it is solely your responsibility to fully understand and document the nature, purpose, and risk level of the private data you are collecting. Ultimately, the GDPR is all about understanding your data and designing your approach to security around it – and only you are in a position to do this. For starters, this is a great opportunity to eliminate or minimize the use of personal data in processes that do not actually require it, such as reconciliation. Consider all the tools at your disposal to accomplish this. If private data must be used, there should be a good reason, which will be documented in the DPA.

 

Educate employees

According to this GDPR:REPORT article from June 2017, “whilst cyber-attacks resulting in data breaches dominate the headlines, the majority of data breaches occur due to human error – be it a dropped memory stick, sending something to the wrong e-mail address, not following a firm wide policy on encrypting data or not taking care of paper files whilst out of the office”. It’s very important to prioritize comprehensive employee education on GDPR concepts and best practices around data privacy and security. There are so many easily accessible resources out there in the form of online courses, webinars, and other materials that can assist you with this – consider making employee training an on-going concept with monthly recurrence rather than a once-off thing.

Contact: If you have any questions, please contact us at info@reconart.com

Disclaimer: The purpose of this write-up is to share ReconArt’s measures for GDPR compliance and provide helpful guidance to interested parties. It is not a comprehensive solution or legal advice for GDPR. Each organization should undertake their own steps to ensure compliance.

Share this post
Ready to learn more about our solution?
Let’s Talk GDPR and ReconArt – Our Commitment to Data Privacy

Case Study

Rain City Capital

Rain City Capital

Industry: Lending
Focus: Bank Recs, Time Savings

Rain City Capital was able to exponentially speed up their reconciliation process and eliminate the opportunity for error by leveraging ReconArt’s powerful automation features.

read more

ReconArt Customers

Here are some of the customers who leverage our reconciliation software to automate their reconciliation and close processes.

Soyven
Karhoo
Navan
Klar
Fujifilm
Expedia
Umpqua bank
Calgary co op B&W
Choice Bank
Nedbank
Asos
Fiat Chrysler
Ferratum
Quikrete
Deliveroo
Worldremit
Bill
Catalyst
Voyager
Toa

Let's Talk

We welcome the opportunity to explore your needs and introduce you to our solution.

Let us know you have interest
What to expect from us
  • check iconQuick response
  • check iconCollaborative discovery
  • check iconTransparency and openness
  • check iconClear next steps
facebook icon
twitter icon
Linkedin icon
ReconArt Americas
6462 Little River Turnpike
Alexandria VA 22312-1411
United States
 1-855-RECONART (Toll Free)
ReconArt Worldwide
+1 571-210-2444 info@reconart.com
Copyring 2024 ReconArt, Inc. All Rights reserved.
Terms & Conditions | Privacy Policy