Compliance policies
Stannp maintains comprehensive data protection and security frameworks certified to ISO 9001:2015 and ISO 27001:2022 standards. Our Terms of Service, GDPR and Data Protection Policy, and Privacy and Cookies Policy detail how we process personal data as both controller and processor, ensuring full compliance with UK GDPR, DPA 2018, and PECR. We maintain a transparent Subprocessor Directory listing all third-party service providers, with all data processed within the EEA and appropriate safeguards for any international transfers.
Useful legal documents
Stannp's Data Processing Agreement establishes the UK GDPR Article 28 compliant framework for processing personal data on behalf of our customers as data processor. The DPA defines clear processing instructions, security obligations including ISO 27001:2022 certified technical and organisational measures, sub-processor management, and 72-hour breach notification requirements.