Data privacy post acquisition
The acquisition of Exponea by Bloomreach does not affect customers’ privacy in any respect.
The acquisition has been conceived as the effort to build synergies between two companies including their products and cultures. Product-wise, we are combining the understanding of the product offering (Bloomreach) with the understanding of the customer (Exponea). Culture-wise, we could not be closer. Both pay a great deal of attention to the concepts of integrity and truth, and thus also to data privacy.
The following paragraphs clearly detail all aspects of handling data privacy after the transaction.
Client data security
As you may well know, Exponea has always taken the topics of security and privacy very seriously and the acquisition does not change this. It remains our highest priority to protect the data we work with, including those of our clients.
In practical terms, security translates into our structure, educational objectives, and recruiting process. Following the transaction, we will continue to uphold our valid certifications (see our website), and respect all data protection agreements and contracted terms as well as applicable law (GDPR, CCPA, etc.). Additional security safeguards are continually updated as privacy law evolves.
Our compliance with security best practices is evidenced by SOC 2 report, which is accessible with an NDA. More information about client security at Exponea is available at https://docs.exponea.com/docs/security-controls
Data residency and data transfer
The transaction will have no immediate implications on data residency and data transfer. Data transfers and data location are subject to conditions and requirements stipulated in the contracts with our clients and applicable law (GDPR, CCPA, etc.). All our contractual and legal obligations will be respected at all times.
Access to data
There will be no changes in clients’ accounts during normal operation or support teams interventions. You can continue to work with our support teams the way you have been used to, including the process of submitting questions and receiving answers.
We will continue to guarantee service availability in accordance with valid SLAs.
Both companies have implemented business continuity and incident management processes that will stay in place.
You can learn more at https://docs.exponea.com/docs/data-location-and-backup-management#incident-response.
Security and compliance people
Dedicated teams will continue to ensure product continuity.
At Exponea, a team of security engineers and a security manager are an essential part of our IT. This team is responsible for maintaining our protection and defense systems, reviewing security operational processes, building security frameworks and creating new security policies. They also monitor any suspicious activity, address cybersecurity threats and perform regular health checks and audits.
Our independent Data Protection Officer (DPO) makes sure that Exponea stays compliant. The DPO is tasked with monitoring compliance with the GDPR and other data protection laws, our data protection policies, GDPR awareness training, and audits.
Further questions DPO@exponea.com