personal privacy data
We're committed to protecting personal privacy information by adhering to the General Data Protection Regulation (GDPR). Established in the E.U. in 2018, GDPR is a law that guides how companies should handle people’s data.
Every user must provide consent during registration before Visit.org processes any personal data.
Dedicated incident response
In the unlikely event of a data breach, Visit.org’s step-by-step response plan will kick into action to ensure timely notification to Corporate Partners and a thorough response to contain the incident and minimize potential impacts.
Customer data processing agreement
This agreement defines Visit.org’s rights and obligations when it processes personal data on behalf of its Corporate Partners. It includes:
Explanation of the rights of data subjects
List of existing sub-processors and procedures for notifying Corporate Partners of new sub-processors
Description of industry-standard technical and organizational security measures for protecting personal data processed
Security and privacy initiatives
to guard against advanced threats on all devices
Strong access controls
with required 2FA and SSO when accessing sensitive systems
to regularly train our employees on the latest threats and protections
Least privileged access
to tightly manage permissions based on role
to validate the security of our platform
Secure from the start
to automatically identify vulnerabilities for fixing
with strong data encryption protocols
to gauge the effectiveness of over 100 security measures daily