At Digital Samba, we take our customers’ security and data privacy seriously. With a global audience to consider, we fully comply with the General Data Protection Regulation (GDPR). The GDPR expands the privacy rights granted to European individuals and requires certain companies that process the personal data of European individuals to comply with a new set of regulations. In particular, the GDPR may apply to companies that process the personal data of European individuals and have a presence in the EU, and to companies that do not have any presence in the EU but target the European market or monitor the behavior of European individuals. We are committed to helping our customers be in compliance.
What is GDPR?
In 2016, the European Union (EU) approved a new privacy regulation called the General Data Protection Regulation, commonly known as the GDPR. The GDPR is designed to strengthen the security and protection of personal data in the EU, as well as provide businesses with a structured framework on how to collect, process, use, and share personal data. Under the GDPR, the concept of “personal data” is very broad, and covers almost any information relating to a specific individual.
When are these regulations starting to be enforced?
All companies collecting or processing the personal data of EU individuals must be GDPR compliant by May 25, 2018.
Controllers and Processors
The GDPR defines and distinguishes between two parties and responsibilities when it comes to collecting and processing personal data:
- Data controllers — determine the purpose and ways in which personal data is processed. Customers and organizations who work with Digital Samba’s services fall under this definition.
- Data processors — process data for the controller. Digital Samba falls under this definition.
The controller is responsible for making sure that all processors with whom it deals are GDPR compliant, and the processors themselves must keep records of their processing activities.
What steps were taken by Digitalsamba.com following the GDPR requirements?
- We will always remain committed to our customers and helping them comply with GDPR while using our services to process their data.
- We worked with our engineering, product, security and legal teams to bring both our product and our legal terms in line with the GDPR, and we will continue to ensure they stay in line. We have taken the following steps:
- We’ve written it as thoroughly and clearly as we can — making absolutely sure to inform you of the control you have over your personal information and data.
- Inserted opt-in and double opt-in to forms where data is collected.
- We sent an email to all of our contacts in the EU making sure they opted in to product announcements and blog posts, as well as emails pertaining to executing their contracts with us.
Ease of deleting your data
- We’ve made the process by which your account can be deleted as easy as possible.
- Deletion within the app triggers an automatic removal of your data from our CRM and all corresponding systems, unless otherwise opted in.
Security and process update
- Reviewed and strengthened our security infrastructure and practices, data encryption in transit and at rest, backup, logs and security alerts.
- An audit and data mapping process were carried out to make sure any data that may be stored or processed is processed and managed according to the GDPR instructions.
- We delete or anonymize analytics data of users after user deletion.
- We’ve reviewed and put the appropriate contractual terms in place, to perform our role as a data processor for our customers while complying with the GDPR.
- We’ve put in place all the internal procedures, processes, controls and team training to keep up with our compliance.
- All information pertaining to how we process data, similar to a Data Processing Agreement (DPA), is viewable in our Customer Agreement.
- The Customer Agreement also outlines expectations of our customers to lawfully use our products and services.
We’ll continue to monitor the guidance around GDPR compliance and will ensure that our product and processes comply with that guidance when it becomes effective.
Does the GDPR prevent a company from storing data outside of the EU?
Nothing in the GDPR prevents businesses from storing data outside of the EU, as long as the data processor sticks to the necessary regulations and protections.
Where can I learn more about GDPR?
Additional information is available on the official GDPR website of the European Union.
I have more questions. Who should I contact?
If you have any additional questions about the GDPR you can contact us at firstname.lastname@example.org, or through our Contact Page.