GDPR Compliance and Data Privacy

Introduction

We are dedicated to safeguarding the privacy of our users and their customers, remaining vigilant about developments in data protection laws to instill confidence in the safety of our platform. This page aims to elucidate the applicable rules, how they pertain to your platform usage, and the measures taken to ensure compliance. It should be reviewed alongside our Privacy Policy, and for more detailed information or advice, consult a legal professional.

General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679, commonly known as the General Data Protection Regulation (GDPR), is an EU regulation designed to standardize data protection and privacy laws across the EU. GDPR provisions apply whenever personal data of an EU data subject is involved. The GDPR emphasizes individual control over data usage and promotes transparency in data collection and processing. It was directly incorporated into UK law post-Brexit as the 'UK GDPR.'

Basic GDPR Concepts

Controller and Processor

The GDPR places obligations on individuals based on whether they are a controller or processor of personal data. A controller makes decisions on processing personal data, while a processor handles data on behalf of a controller, following the controller's instructions. When using the platform, you act as a controller, responsible for ensuring legal processing. We act as the data processor: we store and manage data under your instructions and refrain from using it for our own purposes.

Legal Basis for Processing

Personal data can only be collected and processed with a legal basis as defined in the GDPR. As a processor, we rely on customers to select the correct basis for collecting and processing personal data. It's crucial to identify suitable legal bases, collect data accordingly, and not change the basis without valid reasons.

Data Subject Access Rights

GDPR grants data subjects (your customers) rights concerning their personal data, such as access, correction, and deletion. We facilitate easy communication for handling such requests promptly based on your instructions. Familiarize yourself with your obligations, including those covering data held on your systems apart from the platform.

Transfers of Data to the USA

Transferring personal data outside the EEA is subject to specific conditions. Our Data Processing Agreement, incorporating Standard Contractual Clauses, ensures lawful data transfer to the USA.

Data Security

We've implemented robust security measures to store personal data securely, regularly test products for vulnerabilities, and maintain backup and recovery systems to minimize data risks.

Steps for GDPR Compliance

Taking our role as a processor seriously, we've established procedures to ensure GDPR compliance:

  • Our Data Processing Agreement uses Standard Contractual Clauses for lawful data transfer.
  • We promptly detect personal data breaches and inform customers of them.
  • We handle subject access and erasure requests and inform you of such requests promptly.
  • We document the personal data processed on your behalf.
  • We assess and upgrade security to align with the risk level regarding a potential data breach.