The EU General Data Protection Regulation (GDPR) came into effect on May 25, 2018.
If you’re based in the EU or do business in the EU, then the answer is YES! GDPR has a long reach. If you have any EU personal data in your SuiteDash account, such as names, email addresses, ID numbers, or… anything personally identifiable, then GDPR applies. You are a Controller of personal data under GDPR, so you need to enter into GDPR-compliant data processing agreements with any online services and third-party vendors you rely on, including SuiteDash. These agreements are commonly called a Data Processing Addendum, or DPA.
SuiteDash is committed to employing a wide range of safeguards that protect private data, and all of our processes are designed to adhere to the requirements of GDPR. SuiteDash, as an organization, has always implemented and practiced processes that ensure that customer data is stored and processed only in ways necessary to serve our customers in the best possible way. Our privacy, security & data storage policies are also aligned with the GDPR goals and objectives.
We are an Active Participant in the Data Privacy Framework Program managed by the International Trade Administration and the US Department of Commerce. More information can be found by reviewing our Privacy Policy.
If you need to comply with GDPR and you’re using SuiteDash, then legally you’ll need to enter into a Data Processing Addendum (DPA) with SuiteDash. Processing EU personal data must be governed by a GDPR-compliant agreement. We provide a standard Data Processing Addendum (DPA) to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed.
To ensure no inconsistent or additional terms are imposed on us beyond that reflected in our standard DPA and model clauses, we cannot agree to sign customers’ DPAs. We are not able to make individual changes to our DPA.
Click HERE to sign the DPA online
Following the link above will start an electronic signing process that, when complete, will become legally binding. A copy of the signed addendum will be emailed to you.
SuiteDash uses third-party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor, extending GDPR safeguards everywhere personal data is processed.
Subprocessors located in the United States:
GDPR regulations require the following of any company or organization that is outsourcing the personal data of its customers or clients to a third-party software supplier:
You should be able to answer and/or assess the following.
You can enter into a DPA with SuiteDash by clicking HERE.
You can see a list of the subprocessors that SuiteDash uses above. Yes, we have DPAs in place with each one.
You can see a list of the subprocessors that SuiteDash uses above. You can use this information to make your risk assessment.
The information on this page is as transparent as we can possibly be. You can use this information to make your assessment.
You’ll have to use the information we provided both on this page and in our DPA to make your audit.
SuiteDash is committed to the following actions within 72 hours of any security breach: carrying out an investigation, informing both regulators and individuals of a breach, disclosing what personal data has been impacted and how, and how the issue will be addressed moving forward. If, for whatever reason, we are not able to complete these steps within 72 hours, we will provide reasonable justification for the delay. Historical data on security breaches as well as announcements of known breaches will be reported HERE.
You can contact us directly at privacy@suitedash.com with your requests.
SuiteDash provides a self-actuated export functionality for all Contact data, including any associated personal information or created custom fields.
SuiteDash will hold your account for up to 3 months just in case you decide to return, but after that your data will be automatically deleted. If you request that your data is deleted in advance of this automated process, we will comply if we can establish that the requester has the proper authority to make such a request.
All of SuiteDash’s customers’ data & files are backed up multiple times per day using the industry-standard snapshot method, and stored in a redundant fashion across the Amazon AWS data center network. These backups are encrypted at rest and are automatically deleted when they reach 14 days of age.