Data Protection Compliance

Privacy and data protection compliance!

At Rings AI Inc, we focus on the development, implementation, maintenance and continuous improvement of our internal processes to protect and secure the personal data of our staff, customers, and business partners, build our customer’s trust and loyalty, and ensure compliance with data privacy and protection requirements.

1. How does the GDPR apply and to whom?

The General Data Protection Regulation (GDPR) is an EU Regulation enhancing the protection of individuals’ personal data within the European Union. This Regulation aims to provide greater transparency, protection and control over the personal data of individuals within the European Union (EU) as regards the processing of their personal data. 

Regardless of whether an organization is based or not inside of the EU, processing the personal data of individuals within the EU falls under the jurisdiction of the GDPR.

We process personal data on behalf of businesses using our services. The GDPR applies both to us and our clients when our clients are processing personal data of individuals within the EU.

2. How do we comply with the GDPR?

We fully comply with the GDPR, as well as all other applicable laws regarding privacy and personal data protection. Our privacy compliance program is designed to align with the most stringent privacy regulations, primarily the GDPR, with necessary adjustments to ensure compliance with other relevant laws. 

Ensuring compliance notably starts by raising awareness. Within our company, staff members are informed and trained on their obligations and responsibilities regarding security and data handling, and how to meet these requirements to support our compliance with the GDPR. The contractual agreements with both our staff and third parties who process personal data clearly outline the duty to comply with our internal policies, procedures, instructions, and requirements, including non-disclosure obligations.

We have designated a Data Protection Officer who plays an important role in our GDPR compliance by staying updated on legislative and regulatory developments,  keeping our business informed, preparing and reviewing our internal policies and agreements, and by managing formal arrangements with third parties regarding data protection. Our DPO is also in charge of collaborating with the relevant supervisory authorities and supports us with other privacy and data protection tasks, such as: 

• Conducting periodic assessments and analyses; 

• Performing in-depth data protection impact assessments for activities likely to result in high risks;

• Creating and maintaining a detailed register of the performed activities involving the processing of personal data;

• Embedding data protection by design and default in the systems that are processing personal data;

• Conducting privacy and personal data protection trainings and awareness campaigns; 

• Active involvement in handling personal data breaches, when necessary; 

• Ensuring the exercise of data subject’s rights.

We have implemented appropriate technical and organisational measures to protect personal data and to effectively prevent the occurrence of GDPR violations. The key measures include: 

• Designation of a representative in the European Union, to be addressed by supervisory authorities and data subject on all issues related to personal data processing subject to GDPR.

• Processing personal data only for the purposes for which it was collected and informing each category of data subjects regarding the processing of their personal data. To learn more about this, please refer to our https://www.ringsxrm.com/privacy-policy.

• Limiting, both physically and IT-wise, staff access to personal data which is strictly necessary for the performance of their duties (on a need-to-know basis). Access permissions are managed based on role and job requirements.

• Using two-factor authentication mechanisms, depending on the nature of the information accessed through the computer system and system applications.

• Deploying IPS/IDS intrusion prevention and detection systems to monitor network traffic and to prevent and detect potential security threats and suspicious or malicious activities.

• Encrypting data during storage and in transit to ensure a high level of data security against unauthorized access.

• Tracking and periodically reviewing the activity over computer systems and software applications through logs and detection systems.

• Using database back-up systems that create, restore and maintain exact copies of personal data, ensuring the prompt recovery of data necessary for business continuity in the event of an incident.

3. Data Privacy Framework

We are certified by the U.S. Department of Commerce’s International Trade Administration (ITA) under the Data Privacy Framework (DPF) Program, and we adhered to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). 

Our certification is valid since March 10, 2025, and it confirms that the transfer of personal data between us and our clients from the European Union / European Economic Area, the United Kingdom 

(and Gibraltar), and Switzerland is compliant with the EU GDPR, UK GDPR and Swiss FADP data protection regulations.

This certification shows our commitment for compliancy with the most stringent privacy laws. To learn more about the Data Privacy Framework (DPF) program and to check our active certification please visit https://www.dataprivacyframework.gov.

4. Would you like more details about our GDPR compliance?

At Rings AI Inc, we aim to strenghten our customers’ and business partners’ trust and satisfaction by answering any GDPR-related inquiries. If you would like more information or have any questions regarding our GDPR compliance, feel free to contact us at dpo@rings.ai. We will respond to your request as soon as possible.