We care deeply about the security of your data stored on our server, as well as the protection of personal data you provide to us to manage your account.
We support the new international (GDPR) and local (POPIA) laws regarding data protection which are coming into effect, as they raise the bar for data protection, security and compliance in the industry.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law which becomes enforceable on 25 May 2018. It aims to strengthen the security and protection of personal data in the EU.
The law determines how entities must process, protect and notify users regarding their personal data for anyone living in the European Union. This includes all aspects of collecting, storing, transferring or using that data.
What is Personal Data?
“Personal data” as defined by GDPR is broad, and includes:
- Directly personal information e.g. names and contact details, as well as
- Indirect identifiers such as email addresses and IP addresses.
Note: GDPR applies to natural persons and not legal persons, like companies. This differs from POPIA, which applies to both natural and legal persons.
What is our role as defined by data protection law?
Two main roles are identified in the legislation:
- The Controller of Personal Data: the entity which determines how and why the data is processed.
- The Processor of Personal Data: the entity which processes personal data on behalf of the controller. Examples of Processing are storage, recording, organisation or retrieval.
Organisations who belong to either or both of these roles are liable and responsible.
We are both a Data Processor and a Data Controller.
Controller: We act as a data controller for the members' information we collect from you when you join this site and use services from us. This personal data includes details such as names and contact information.
Processor: We act as the data processor and you are the controller of data that is uploaded to your account or on our server, as we store this data on your behalf.
Our website may capture the personal information of members e.g. name, date of birth, address, telephone number, email, newsletter subscriptions or processing payment. You control this data and how it gets collected and used, and we process this data by storing it on our server.
What personal customer data do we collect and store?
We store personal data that is voluntarily provided by members when:
- registering with this site
- placing orders for our products and services
- requesting customer support
- signing up for our newsletters.
While we control what information is collected and stored, you are able to amend or remove your personal details online at any time.
Only information that is required to implement our services is stored. Member personal data is forwarded only to accredited third parties that we have contracted to offer specialist services.
We also may collect other identifying information from our members, such as IP address, SSH public keys or OAuth tokens for external services.
EU personal data may be stored on our server when members use this website to collect or store data. We have no knowledge, control or access to this data, but as we store the data, we act as the data processor.
What is the “Right to be forgotten”?
The “right to erasure” or “right to be forgotten” means that you have the right to update your personal information or have it deleted when it is no longer needed, such as if you cancel a service or delete your account.
You can update or delete any contact details directly from your account page or by contacting us via email. If you no longer have services with us and want to delete your entire account, contact us.
Note that historic invoices, which contain name and contact details, cannot be deleted for legal reasons.
What have we done to become GDPR compliant?
- We have conducted an audit of business processes that deal with personal data of individuals and other subjects, including how we collect, process and store this data securely.
- We have received and implemented qualified legal advice from experts in the field of Privacy and Data Protection.
- We have audited our “Right to be Forgotten” process to ensure that customers leaving this site can have their personal information deleted.
- We have implemented a Privacy by Design and by Default Policy (PbD Policy).
- We have appointed a representative in the EU.
- We have updated our incident response policies and procedures.
Do we have a Data Processing Agreement (DPA)?
The GDPR requires you, as the controller, to conclude agreements with your users when they process your personal data. Some members require their processors to sign a Data Processing Agreement (DPA) to fulfill this requirement.