← Back to Home

Compliance

Satinesa maintains compliance with international data protection regulations and industry standards to ensure your data is handled responsibly and legally.

Enterprise-Ready: Our compliance program is designed to meet the requirements of regulated industries, enterprise customers, and international data protection laws.

✓ COMPLIANT

GDPR

General Data Protection Regulation - Full compliance with EU data protection requirements including data subject rights, consent management, and cross-border transfers.

IN PROGRESS

SOC 2 Type II

Service Organization Control - Comprehensive audit of security, availability, processing integrity, confidentiality, and privacy controls. Expected Q2 2025.

IN PROGRESS

ISO 27001

Information Security Management - International standard for information security management systems. Certification process underway, completion targeted Q3 2025.

✓ COMPLIANT

ePrivacy Directive

Cookie Law - Compliant with EU regulations on cookies, tracking, and electronic communications including user consent for non-essential cookies.

GDPR Compliance

As a European company, GDPR compliance is at the core of our operations. We ensure:

Data Subject Rights

Right to Access: Users can request copies of their data
Right to Rectification: Users can correct inaccurate information
Right to Erasure: "Right to be forgotten" - data deletion on request
Right to Data Portability: Export data in machine-readable format
Right to Object: Opt-out of certain processing activities
Right to Restrict Processing: Limit how data is used

Lawful Processing

Clear legal basis for all data processing (consent, contract, legitimate interest)
Transparent privacy notices explaining data use
Data minimization - collect only necessary information
Purpose limitation - use data only for stated purposes

Data Protection by Design

Privacy considerations integrated from platform development start
Default settings prioritize user privacy
Regular Data Protection Impact Assessments (DPIAs)
Pseudonymization and anonymization where possible

Data Residency & Transfers

EU Data Residency: All customer data is stored in data centers located within the European Union/European Economic Area, ensuring compliance with EU data protection laws.

International Transfers: When data must be transferred outside the EEA (e.g., for AI processing), we use:

Standard Contractual Clauses (SCCs) approved by European Commission
Adequacy decisions for countries with equivalent protection
Additional safeguards (encryption, access controls)
Binding Corporate Rules (BCRs) where applicable

Industry-Specific Compliance

Aviation & Airport Regulations

While primarily a data platform, we understand and respect aviation industry regulations:

No collection of passenger PII (Personally Identifiable Information)
Compliance with airport security and confidentiality requirements
Adherence to ICAO and IATA data handling guidelines

Financial Data Handling

For payment processing and financial information:

PCI DSS compliance through certified payment processors (Stripe)
No storage of credit card numbers on our servers
Secure tokenization for recurring payments

Third-Party Compliance

All third-party service providers undergo compliance verification:

Data Processing Agreements (DPAs): Signed with all processors handling personal data
Vendor Security Assessments: Review of security practices and certifications
Subprocessor Register: Maintained and available to customers on request
Regular Audits: Ongoing monitoring of third-party compliance status

Documentation & Transparency

We maintain comprehensive compliance documentation:

Privacy Policy: Public-facing policy explaining data practices
Data Processing Addendum: Available for enterprise customers
Security White Papers: Technical security documentation
Compliance Reports: SOC 2, ISO audit reports (when available)
Incident Response Plan: Documented procedures for security incidents

Regulatory Cooperation

We work transparently with regulatory authorities:

Designated Data Protection Officer (DPO) for GDPR matters
Cooperation with data protection authorities (DPAs) when required
Prompt notification of data breaches (within 72 hours per GDPR)
Assistance with supervisory authority investigations

Enterprise Compliance Support

For enterprise customers, we provide:

Custom Data Processing Agreements (DPAs)
Business Associate Agreements (BAAs) if applicable
Security questionnaire responses (VSA, SIG, etc.)
Compliance documentation package
Regular compliance status updates
Dedicated compliance contact

Future Certifications

Our compliance roadmap includes:

Q2 2025: SOC 2 Type II certification completion
Q3 2025: ISO 27001 certification
Q4 2025: ISO 27017 (cloud security) and ISO 27018 (cloud privacy)
2026: Industry-specific certifications based on customer needs

Compliance Questions?

For compliance-related inquiries:

Data Protection Officer: [email protected]
Compliance Team: [email protected]
General Contact: Contact