Disclaimer: The content below is provided for informational purposes only and the information shared here is not meant to serve as legal advice. You should work with legal and other professional counsel to determine exactly how the GDPR may or may not apply to you.
On May 25th, 2018, the EU General Data Protection Regulation (GDPR) goes into effect bringing new global data protection rights for individuals in the European Union.
At Gooten, we believe in the full protection of your data and your right to control your information. We’ve been taking on the EU General Data Protection Regulations with full diligence, and our engineering team has been hard at work to incorporate the steps to ensure we are fully compliant, including:
- Reviewing and auditing our internal processes, procedures, data systems, and documentation
- Evaluating and implementing new features that give Gooten users greater control of and access to their data
- Reviewing the GDPR-friendliness of our existing features and templates and making adjustments as needed
- Ensuring Gooten users are able to easily comply with GDPR for their own users’ data through Gooten
Here are some helpful links:
INTERNAL DATA AUDIT + CREATING NEW TOOLS
We're reviewing all the data we collect, as well as the reasons for why we collect it, as well as which Gooten employees have access to it. We'll document and share as much of this data publicly as possible. This includes the ability to download your data from Gooten, as well as delete it from Gooten.
GOOTEN’s GDPR COMPLIANCE
It is important to note that Gooten is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance:
- As a Data Controller, you are responsible for safeguarding the data of your customers as they interact directly with services integrated with Gooten.
- As a Data Processor, Gooten is responsible for safeguarding the data of our partners' users as it flows through our system.
Customer's and Partner's Role in GDPR Compliance
As a Gooten partner, you are a Data Controller and Gooten is acting as your Data Processor for your users. In this respect, you’ll want to take the following steps leading up to May 25th, 2018:
- If you have customers in the EU or need to be GDPR compliant, your agreement to our terms of service will be sufficient as it contains relevant addendum.
- If you have customers in the EU or need to be GDPR compliant, you may additionally request to sign our Data Protection Agreement. This is valid for both customers and partners. Here is a sample of what our DPA looks like.
- Perform your own research, modeling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.
- Be thinking about how you’ll handle consent.
Our Vendors / Sub-Processors
Each of our Vendors / Sub-Processors will have an executed DPA to ensure compliance with the EU GDPR requirements. An audited minimum relevant set of data is shared with each vendor :
AWS Amazon - Data Hosting - USA, Ireland
Azure Microsoft - Data Hosting - USA
Servint - Data Hosting - USA
Google Inc. - Data Hosting - USA
FreshDesk - Customer Support - USA
Segment - Email Data - USA
Autopilot - Email Hosting - USA
Chart.io - Data visualization - USA
Salesforce - Customer relationship management - USA
GoToWebinar - Webinar hosting and recording - USA
Drift - Customer Support - USA
MORE TO COME
We are working on a few new features to make controlling your data even easier. Keep an eye out for these over the next month.
* Account Preference Center
* The ability to deactivate or delete your account and associated data from our systems.
* The ability to download your data.
* The ability to tweak the type and frequency of emails you receive.
* The ability to anonymize your data while utilizing our products.