What is the EU GDPR?

GDPR stands for General Data Protection Regulation. It is the core of Europe's digital privacy legislation. Put simply, GDPR refers to the European Commission’s method of ensuring the security of its citizens’ personal data by regulating privacy guidelines regarding the processing of EU personal data.

Who does GDPR affect?

GDPR affects any service or activity that collects, stores, or processes any personal data of EU residents. As per the GDPR, EU personal data refers to any data that can directly or indirectly be used to identify an EU resident, such as name, address, and IP address.

Does GDPR require that EU personal data stay in the EU?

No, GDPR does not require that EU personal data stay in the EU. GDPR’s reach is global and it protects the personal data of its citizens regardless of where the data is collected, stored, or processed.

How does GDPR apply to Tadabase?

As per the GDPR, Tadabase plays two roles in operating your data:

Tadabase’s first role is that of a Data Controller. As a company, we require some information from our customers upon sign up, such as name and email address. This information makes us the Data Controllers.

Tadabase's second role is that of a Data Processor. When you, our customer, use Tadabase to collect and store your data to build your applications, you are the Data Controller and we, Tadabase, are the Processor of your data.

What steps have we taken to become GDPR compliant?

In many ways, our preexisting practices and policies enabled us to align with the requirements of GDPR without major changes. While we use sub-processors for certain activities, such as email delivery and data center hosting via AWS, Tadabase does not and has never shared customer application data with any 3rd parties.

We are and have always been committed to transparency with regard to our control environment and privacy practices. Tadabase has always been committed, and now reinforces its commitment, to informing our customers of any suspected or actual data breaches expeditiously.

Additionally, we have taken the following steps towards GDPR compliance:

  • We compiled and maintain an accurate data inventory of our 3rd party vendors (sub-processors, as per the GDPR) with whom we share data, and we have published our sub-processor list below.
  • We created a GDPR-aligned Customer Data Processing Agreement.
  • We created, documented, and implemented a Right to be Forgotten process.
  • We received Privacy Shield certification in 2019 and updated our Privacy Policy to meet GDPR requirements.

Our Sub-processors:

| Name       | Purpose             | Country       |
|------------|---------------------|---------------|
| AWS Amazon | Data Hosting        | United States |
| Cloudinary | Image Hosting       | United States |
| Twilio     | SMS/Texting         | United States |
| Dropbox    | Custom File Hosting | United States |
| SendGrid   | Email Services      | United States |
| Mix Panel  | Product Analytics   | United States |
| BugSnag    | Bug Tracking        | United States |

What steps should customers take to be compliant with the requirements of GDPR?

As in all other areas of data security, the privacy and protection of customer data is a partnership between the customer and Tadabase. Customers can read up on the new regulations and guidelines of GDPR to learn how it may affect them and their businesses. Customers can consult their attorneys to determine if any changes need to be made with regard to how they collect and store data on Tadabase.

In addition to strengthening our strictest privacy policies and procedures for GDPR compliance, we have updated our Data Processing Addendum to include additional provisions which can assist customers with their GDPR compliance.

At Tadabase, we view GDPR as an opportunity to strengthen our already vigorous security initiative, which follows the strictest industry-standard policies and procedures for maximum protection of our customers’ data. Customers can learn more about our security initiative in its entirety on our security page.