Data Sovereignty

What is Data Sovereignty?

Data Sovereignty covers privacy regulations that a government mandates for digital data that has originated, been converted, or stored “in country.” Data created in a country will be subject to the laws of that country. Data Sovereignty privacy regulations are designed to keep sensitive data inside a country’s borders and strictly define what data may be exported across borders. These laws vary from country to country and region to region.

TokenEx Data Sovereignty Policy

TokenEx respects the citizens, organizations, and countries where we collect, transmit, tokenize, and vault sensitive data, so we take privacy and data protection regulations very seriously. Our most important asset is our relationship with our clients and protecting their data. We are committed to maintaining the availability, confidentiality, integrity, and security of information about our clients and their organizations in every country in which we operate by supporting the data security controls based upon the governing and regulating bodies of each country.

TokenEx complies with the applicable laws and regulations protecting the privacy of personally identifiable information in the jurisdictions in which TokenEx operates. Where appropriate, specific jurisdictions may require supplemental terms to this Policy to comply with local laws. When permitted by regulations, some types of data provided to TokenEx by clients to tokenize and secure may be processed and stored in the country in which it was collected, as well as in other countries, including the United States, where laws regarding processing of sensitive information may be less stringent than the laws in the country of origin.

Global Data Protection Regulation

The Global Data Protection Regulation (GDPR) is legislation passed by the EU (European Union) to help fortify and amalgamate data protection for all individuals within the EU, Great Britain, and a few other European countries. GDPR replaces the Data Protection Directive 95/46/EC. The goal of the regulation is to protect the Personally Identifiable Information (PII) of all EU citizens by regulating how their PII is shared, stored, and managed. It also addresses the export of PII outside of the EU. Moreover, it is designed to standardize data privacy laws across the EU with the main goal to “protect and empower all EU citizen’s data privacy and to reshape the way organizations across the region approach data privacy.” With the ever-growing threat of cybercriminals focusing their efforts on stealing PII, the GDPR is important and impactful legislation for data protection and privacy.

Privacy Shield and Safe Harbor – United States

TokenEx complies with both the EU-U.S. Privacy Shield Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information to and from the European Union, the United States, the member countries, and Switzerland, as applicable to each framework. TokenEx has certified to the Department of Commerce that it adheres to both the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles, the Privacy Shield Principles or the U.S.-Swiss Safe Harbor Principles, as applicable, shall govern. The Federal Trade Commission has jurisdiction over TokenEx’s compliance with the EU-U.S. Privacy Shield Framework.

To learn more about the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles, and to view TokenEx’s certification for both, respectively visit these pages:

Office of the Australian Information Commissioner – Australia

The Privacy Act 1988 (Privacy Act) regulates how personal information is collected, stored, and transmitted in Australia and the Australian Capital Territory. The Privacy Act defines personal information as: information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable. Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details, and commentary or opinion about a person. In addition to the APPs, the Privacy Act also covers more specific matters that entities, including some small businesses, may be required to comply with.

The Privacy Act includes thirteen Australian Privacy Principles (APPs), which apply to some private sector organizations, as well as most Australian and Norfolk Island Government agencies. These are collectively referred to as “APP entities”. The Privacy Act also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.

Australian Privacy Principles — A Summary for APP Entities: Privacy Act 1988

In every implementation we do, TokenEx treats privacy and data protection issues as a top priority. Our most important asset is our relationship with our clients, both locally and globally. We are committed to maintaining the confidentiality, integrity, and security of information about our clients, their organizations’ data, and their customers’ data. Since its founding, TokenEx has been at the forefront of implementing compliance and regulations for all current and functional data sovereignty entities. Even as the Safe Harbor Agreement was dissolved by the EU Courts in 2016, and the new Privacy Shield emerged, TokenEx has continued to meet all compliance-based regulations regarding the safe transfer and storage of sensitive data sets among signatory countries.

TokenEx is Prepared to Support GDPR

As the EU’s Global Data Security Regulation (GDPR) becomes active in 2018, the TokenEx data security stack is already compliant with the new regulations. The TokenEx Cloud Tokenization and Data Vaulting Platform is used by clients world-wide, including clients in the vast majority of EU nations, to secure and protect PCI and PII data sets. TokenEx’s tokenization process is a well-recognized and accepted form of pseudonymization, making compliance with the privacy requirements of GDPR more certain, less costly, and much simpler. Tokenization is an advanced form of pseudonymization which has been used for over a decade to protect the private data of TokenEx clients worldwide without a single breach or exposure.

Privacy Shield – Safe Harbor

TokenEx complies with both the EU-U.S. Privacy Shield Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information to and from the European Union, the United States, the member countries and Switzerland, as applicable to each framework. TokenEx has certified to the Department of Commerce that it adheres to both the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles, the Privacy Shield Principles or the U.S.-Swiss Safe Harbor Principles, as applicable, shall govern. To learn more about the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles, and to view TokenEx’s certification for both, please visit https://www.privacyshield.gov/ and http://www.export.gov/safeharbor/, respectively. The Federal Trade Commission has jurisdiction over TokenEx’s compliance with the EU-U.S. Privacy Shield Framework.

TokenEx is Prepared to Support GDPR

TokenEx will be compliant with the GDPR in 2018 when it takes full effect. The TokenEx Cloud Tokenization and Data Vaulting Platform is used by clients world-wide, including clients in the vast majority of EU nations, to secure and protect PCI and PII data sets. TokenEx’s tokenization process is a well-recognized and accepted form of pseudonymization, making compliance with the privacy requirements of GDPR more certain, less costly, and much simpler. Tokenization is an advanced form of pseudonymization which has been used for over a decade to protect the private data of TokenEx clients worldwide without a single breach or exposure.

Office of the Australian Information Commissioner – Australia

TokenEx is fully compliant with the Office of the Australian Information Commissioner regulations for data privacy and reporting.
