The protection of your information is crucial to 24sessions. Therefore, we are happy to announce that we fully comply with GDPR. Below you can find examples of what we have implemented:

Data

24sessions only collect personal data that is strictly required for establishing the services. What specific data we collect and for what purpose can be found in our privacy policy.

Policies

24sessions has entered in Data protection Agreements with all our subprocessors to make sure that privacy and security of our customer data is protected. We provide a pre-signed DPA for 24sessions customers. Our DPA has been carefully rewritten to comply with all GDPR and other privacy related requirements and accurately describe the manner in which 24sessions consistently provides its services to all of its customers, and is consistently with ISO/IEC 27001:2013 on which 24sessions is audited yearly. We have also updated our Privacy Policy to be more transparent and have developed a cookie policy that describes the purpose of the cookies that 24sessions uses.

Employee Education and Training

All 24sessions employees receive privacy training during on-boarding and annually thereafter. Client facing roles have been trained additionally on GDPR and how it impacts their roles.

Data Subject Rights

GDPR empowers data subjects (our users) with certain rights to help assure the privacy and protection of their personal data. These rights include:

• The right to be informed

• The right of access

• The right of rectification

• The right to erasure

• The right to restrict processing

• The right to object

If you have any specific questions regarding the GDPR requirements and how this may impact your use of 24sessions please feel free to let us know by emailing to security@24sessions.com and our security team will respond.