Gavagai is dedicated to maintaining the best security for our partners and customers and their customers in turn when it comes to the protection of personal data under the GDPR.
What you should know
According to the General Data Protection Regulation (GDPR) there is a distinguishment between:
|・||Data Controller – who collects and owns the data|
|・||Data Processor – who handles and processes the data on behalf of the Controller|
Gavagai is a Data Processor. As a customer of Gavagai, you are either the Controller, if you use Gavagai to analyze your own data, or a sub-contracted to the Processor if you process another company’s data.
In most cases, the data we receive for processing should not contain any personal data. So, if this is the case, no further action on your part (as a customer) is needed.
On the other hand, if you need to process personal data that falls under the GDPR, you will either be classified as:
|・||Data Controller, if the data being processed originates from you|
|・||Sub-Processor, if the originates from a customer of yours|
As a Data Controller, you also must meet certain obligations, such as notifying or obtaining data subjects’ consent if you process personal data.
How Gavagai can help
As the data processor, Gavagai promises to:
|・||Keep clients’ data safe, secure and private|
|・||Handle Data Subject requests, such as right-to-erasure and right-to-access|
|・||Keep records of compliance and audit logs as required|
|・||Disclosure our sub-processors and monitor their GDPR compliance|
|・||Notify about security breach using account contact information|
The Data Privacy and Processing Addendum
According to the new regulation each data processor is required to write a Data Processing Addendum that specifically covers all the details and legislation needed to demonstrate compliance with GDPR. Since this document must reflect our actual internal policies and procedures, Gavagai (as the Data Processor) is in the best position to enumerate how we comply.
Every Gavagai customer is eligible to request and sign our established Data Processing Addendum. Please email us at support AT gavagai DOT se.
When providing our service, Gavagai utilizes the following Sub-Processors:
|・||3scale – https://access.redhat.com/gdpr|
|・||Fortnox – https://support.fortnox.se/hc/sv/sections/115001535709-GDPR|
|・||Chargify – https://help.chargify.com/my-account/gdpr.html|
|・||Atlassian services (JIRA, Confluence, HipChat, Trello) – https://www.atlassian.com/blog/announcements/atlassian-and-gdpr-our-commitment-to-data-privacy|
|・||Hubspot – https://www.hubspot.com/data-privacy/gdpr|
|・||MailChimp – https://blog.mailchimp.com/tag/gdpr/|
|・||Freshdesk – https://www.freshworks.com/privacy/gdpr/company/|
|・||Zapier – https://zapier.com/help/gdpr/|