GDPR Statement

At Athena BDA, we are committed to ensuring the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR).

Overview of Our GDPR Compliance

  1. Data Collection and Processing:
    • We collect all of our data directly from Apollo.io and enrich it with additional data points such as therapy area, disease area, role type, and brand.
  2. Consent and Legal Basis:
    • Our processing activities are based on legitimate interests, leveraging Apollo.io’s compliance framework for the initial data collection.
  3. Data Subject Rights:
    • We respect data subjects’ rights to access, correct, and delete their personal data.
    • Data subjects can email adrian@athenabda.com for any requests related to their data. They can also go to the Apollo Privacy Policy page for details on how to access, correct, and delete their personal data from Apollo.
  4. Data Security:
    • We implement robust security measures to protect personal data.
    • Our security measures are reviewed and updated regularly to ensure they remain effective.
  5. Transparency and Accountability:
    • We maintain transparency about our data processing activities and data subject rights through our privacy policy and notifications.
    • Regular audits and reviews are conducted to ensure ongoing GDPR compliance.
    • All employees are trained on GDPR to ensure understanding of data protection principles.
  6. Third-Party Compliance:
    • We do not use any third-party services to store or process personal data, other than Apollo.io.
  7. Data Retention:
    • Personal data is retained only as long as necessary for our business purposes and to comply with legal obligations.
    • Data that is no longer needed is securely deleted to protect the privacy of data subjects.

How Apollo Stays Compliant with GDPR

All of the contact data within the Athena BDA platform comes directly from the Apollo.io database. Here is a statement from Apollo on how they stay compliant and how they support Athena BDA in staying compliant.

The Apollo team works hard to ensure that we remain in compliance for both the company’s benefit as well as that of our customers. The Apollo platform is more complex in the way that it handles data than most, so our compliance is similarly complicated.

Our Privacy Policy and Terms of Service include our Data Processing Addendum. The addendum helps users control what we do with their data and gives them the freedom to access and/or remove their data from our system if they so desire, among other rights.

Much of maintaining GDPR compliance as a vendor involves how we secure our data. In order to maintain a high bar of security we have completed the following:

  • Apollo has achieved a SOC 2 and ISO 27001 security accreditation report. These accreditations evaluate Apollo controls that are relevant to data security, availability, and confidentiality. To gain them, Apollo needed to prove the success of our controls and their ability to maintain security, availability, and confidentiality over a predetermined span of time.
  • Apollo has implemented advanced data controls, which include the encryption of all user data, which is designed to protect our customers’ data from leaks and malicious intent. The Apollo team regularly tests our product to fix any potential problems and maintains the industry’s highest standards in information security.
  • Apollo has built and follows data incident response processes. These processes are tested each year for continued effectiveness.
  • Apollo built processes to supplement data recovery and integrity to help any customers whose data is lost or unintentionally corrupted.
  • Apollo has systems in place to protect all customers’ rights to their own data footprint in the platform.
  • Apollo’s key data sub-processors, such as Amazon Web Services (AWS) and Google Cloud Platform, all have achieved similarly high-level security standards (SOC 2 and/or ISO 27001 certifications, where possible) and have undergone rigorous security evaluations.

For detailed information, please refer to the full Apollo GDPR statement and Apollo’s Privacy Policy.

For more information on Athena BDA’s privacy practices, please see our Privacy Policy.

For any GDPR-related inquiries or requests, please contact Adrian Burke at adrian@athenabda.com.