The General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that came into effect on May 25, 2018. It strengthens the protection of “personal data” and the rights of individuals in the EU. It outlines a set of rules which governs the processing and monitoring of EU data.
Our teams looked at all aspects of our company and made changes to ensure that we complied with GDPR regulations. This undertaking included updating processes and data to make sure we both met legal obligations and did the best thing for our customers. Some of the changes we made were:
We’ve created a data processing addendum (DPA) for customers who collect data from people in the EU. Our DPA shares our privacy commitments and sets out the terms for Zoomforth and our customers to meet GDPR requirements. You can view and download our DPA below.
One of the first steps in GDPR compliance is understanding your data. This means recognizing how it is used, stored, and removed. We sat down and mapped out all of the data that is processed by Zoomforth. We then used this map to determine where we needed to make improvements.
We take security at Zoomforth very seriously just as our customers do. We have been educating Zoomforth employees about GDPR and what it means for data processed by our application. We follow the principle that we collect and process the minimum amount of information needed to get the job done. We also reevaluated third-party processors to ensure that we were working with services which upheld GDPR standards.
We plan on sharing more information about our progress and will help our customers understand how they can be compliant when using Zoomforth.
For more about how we approach security and compliance, please read our security outline.
The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
To comply with EU data protection laws around international data transfer, we self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield framework.
We wanted to make GDPR compliance easy for our customers so we built a number of new features to facilitate these new requirements.
Control tracking of visitors in the EU: You will be able to offer visitors from the EU to consent to page tracking. Declining consent will anonymize their data and protect them from tracking who they are.
Control tracking of visitors outside the EU: For visitors outside of the EU, you may offer users an option to consent to tracking personal information. Users can also choose to anonymize all visitor data.