Copyright Clearance Center, Inc. (CCC) and RightsDirect B.V. (RightsDirect) take data security and privacy very seriously. For all our customers and business partners, please rest assured that we are taking all reasonable steps to achieve, and then maintain, the highest level of respect and protection for your data security and privacy in compliance with the law and with best practices.
For those of you who are aware of the various certification and compliance
processes required to carry through on that commitment, we are proud to report the following: CCC (including its wholly owned subsidiary RightsDirect) has successfully completed three annual SOC 2 Type 2 audits and is ISO27001 certified, as of January 2019 (Valid to January 5, 2022). Our next SOC and ISO audits are scheduled for late 2021. Our SOC and ISO preparedness activities enabled CCC to qualify in the initial group of applicants for the EU/US Privacy Shield and for recertification for 2018, 2019 and 2020. Additionally, our online privacy policies are audited annually and certified by TRUSTe/TRUSTARC. CCC and RightsDirect are confident that the activities we undertook to achieve these third-party certifications (and our intention to maintain them in order to provide service to our customers) have kept us on course for continuing GDPR compliance. (CCC’s data security and privacy team is actively reviewing the recent decisions by the Court of Justice of the European Union and the Swiss Federal Data and Information Commissioner related to the Privacy Shield and will update this statement as appropriate.) In addition, our online privacy notices have been recertified annually by TRUSTe. To check current certification status check here. CCC is confident that these activities are leading us to GDPR compliance as well.