Elevio and GDPR Compliance

Last updated: 14th May 2018, effective as of May 25th 2018

On May 25th 2018, the European Union’s new privacy law, the General Data Protection Regulation (GDPR) will come into effect.

The GDPR is a sweeping legislation which strengthens the right to know how your data is collected, processed, stored, as well as grants the right to have your data deleted (the right to be forgotten).

The GDPR includes conditions like:

• Personal data must be collected in a fair and transparent way and must only be used responsibly.
• Personal data cannot be collected arbitrarily and must only be collected for a specific purpose.
• Personal data can only be held for the time needed to carry out this specific purpose.
• Citizens have the right to know what personal data is being collected. A person may request a copy of their data or that they’re data be deleted, restricted, or moved.

Even though GDPR is geared towards citizens of the Eurpoean Union, we believe every user has the right to privacy and we will be actioning data requests from any individual, within or outside the EU.

Data Processing Schedule

This DPS shall come into effect on May 25, 2018 and shall continue until it is changed or terminated in accordance with the ToS.

To ensure that no terms are imposed on us beyond those reflected in our standard DPA, we cannot agree to sign customers' specific DPAs as we do not have our own internal legal team. Any changes to our DPA will require legal counsel and the back and forth that goes with it, which will be too cost prohibitive for our company. (The exception to this, is our Enterprise level customers)