Prepare GDPR communication page: We prepared a page specifically designed to meet GDPR requirements here: /gdpr.
Appoint a Data Protection Officer: We are in the process of appointing a DPO.
Prepare GDPR requests form: All our users can log in to their account, where they can review, change and export their data, view their consents and manage newsletter subscriptions. We’ve also prepared a dedicated web form through which additional change, view and delete requests, as well as complaints and other information, can be communicated directly to our support team.
Documents
Data description, collections, locations and subprocessors.pdf: Our entire web infrastructure is located on secure servers in one of DigitalOcean’s datacenters. We have prepared a document that describes all of the data we collect from you, our reasons for storing and processing it, and the devices and locations where it is stored. Some of your data needs to be processed by internal and external services or processors. We’ve prepared a list of all subprocessors and other services that process your data, with a description of the data and the reasons why, when and which data we share.
GDPR activity.pdf: We’ve established data security trainings and plans, and will keep a history record of all our data and privacy-related activities.
Data validation, repair and cleanup: We are in the process of validating current data and cleaning up historical data.
Receive consent: We will ask users to give us consent for future profiling, newsletters and marketing activities. Consent for order-related processing and some newsletters has already been given.
Data removal: We will run a massive cleanup script for all users who do not give consent by May 25th 2018, and for users whose data we no longer need.
Security
Privacy by design: Our services and your data are stored on highly secure servers. Our services are mostly automated, encrypted and secured as much as possible, and under constant review.
HTTPS: Access to all of our web services is enforced over secure connections only.
Storage encryption: Whenever and wherever possible we encrypt, anonymize or pseudonymize your data.