At Gooten, we believe in protecting your data and your right to control your information.
DISCLAIMER: The content below is provided for informational purposes only, and the information shared here is not meant to serve as legal advice. You should work with legal and other professional counsel to determine exactly how the GDPR may or may not apply to you.
On May 25th, 2018, the EU General Data Protection Regulation (GDPR) goes into effect, bringing new global data protection rights for individuals in the European Union.
We’ve been approaching the EU General Data Protection Regulation with full diligence, and our engineering team has been hard at work on the steps needed to ensure we are fully compliant, including:
- Reviewing and auditing our internal processes, procedures, data systems, and documentation
- Evaluating and implementing new features that give Gooten users greater control of and access to their data
- Reviewing the GDPR-friendliness of our existing features and templates and making adjustments as needed
- Ensuring Gooten users are able to easily comply with GDPR for their own users’ data through Gooten
Here are some helpful links:
Internal data audit & creating new tools
We're reviewing all the data we collect, the reasons we collect it, and which Gooten employees have access to it. We'll document and share as much of this data publicly as possible. This includes the ability to download your data from Gooten, as well as delete it from Gooten.
Gooten's GDPR compliance
It is important to note that Gooten is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance:
- As a Data Controller, you are responsible for safeguarding your customers' data as they interact with services integrated with Gooten.
- As a Data Processor, Gooten is responsible for safeguarding our partners' users' data as it flows through our system.
Customers' and Partners' Role in GDPR Compliance
As a Gooten partner, you are a Data Controller, and Gooten acts as your Data Processor for your users. In this respect, you’ll want to take the following steps leading up to May 25th, 2018:
- Ensure your Terms of Service and/or Privacy Policy are up to date.
  - If you have customers in the EU or need to be GDPR-compliant, your agreement to our terms of service will be sufficient, as it includes a relevant addendum.
  - If you have customers in the EU or need to be GDPR-compliant, you may also request that they sign our Data Protection Agreement. This applies to both customers and partners. Here is a sample of our DPA.
- Perform your own research, modeling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.
- Think about how you’ll handle consent.
Our Vendors / Sub-Processors
Each of our Vendors / Sub-Processors will have an executed DPA to ensure compliance with the EU GDPR requirements. An audited minimum relevant set of data is shared with each vendor:
- AWS Amazon - Data Hosting - USA, Ireland
- Azure Microsoft - Data Hosting - USA
- Servint - Data Hosting - USA
- Google Inc. - Data Hosting - USA
- FreshDesk - Customer Support - USA
- Segment - Email Data - USA
- Autopilot - Email Hosting - USA
- Chart.io - Data visualization - USA
- Salesforce - Customer relationship management - USA
- GoToWebinar - Webinar hosting and recording - USA