The EU General Data Protection Regulation (GDPR) came into effect on May 25, 2018.
If you’re based in the EU or do business in the EU, then the answer is YES! GDPR has a long reach. If you have any EU personal data in your SuiteDash account, such as names, email addresses, ID numbers, or… anything personally identifiable, then GDPR applies. You are a Controller of personal data under GDPR, so you need to enter into GDPR-compliant data processing agreements with any online services and third-party vendors you rely on, including SuiteDash. These agreements are commonly called a Data Processing Addendum, or DPA. Also, in the event of infringement of these laws, you can face fines and penalties from 10 million to 20 million or 2% to 4% of the annual revenue of the organization, whichever is higher.
If you need to comply with GDPR and you’re using SuiteDash, then legally you’ll need to enter into a Data Processing Addendum (DPA) with SuiteDash. Processing EU personal data must be governed by a GDPR-compliant contract. We provide a standard Data Processing Addendum (DPA) to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed.
SuiteDash participates in the EU-US and Swiss-US Privacy Shield Framework to safeguard the transfer of personal data to the US, thus meeting the GDPR requirement for adequate data protection laws.
SuiteDash uses third-party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor, extending GDPR safeguards everywhere personal data is processed.
Subprocessors located in the United States:
GDPR regulations require the following of any company or organization that is outsourcing the personal data of its customers or clients to a third-party software supplier:
You should be able to answer and/or assess the following.
You can enter into a DPA agreement with SuiteDash by clicking HERE
You can see a list of the subprocessors that SuiteDash uses above. Yes, we have DPAs in place with each one.
You can see a list of the subprocessors that SuiteDash uses above. You can use this information to make your risk assessment.
The information on this page is as transparent as we can possibly be. You can use this information to make your assessment.
You’ll have to use the information we provided both on this page and in our DPA to conduct your audit.
SuiteDash is a participating member in the EU/US and Swiss-US Privacy Shield Framework. You can confirm this HERE
SuiteDash is committed to the following actions within 72 hours of any security breach: Carrying out an investigation, informing both regulators and individuals of a breach, disclosing what personal data has been impacted and how, and how the issue will be addressed moving forward. If, for whatever reason, we are not able to complete these steps within 72 hours, we will provide reasonable justification for the delay. Historical data on security breaches as well as announcements of known breaches will be reported HERE
You can contact us directly at firstname.lastname@example.org with your requests.
SuiteDash provides a self-actuated export functionality for all Contact data, including any associated personal information or created custom fields.
SuiteDash will hold your account for up to 3 months just in case you decide to return, but after that your data will be automatically deleted. If you request that your data be deleted in advance of this automated process, we will comply if we can establish that the requester has the proper authority to make such a request.
All of SuiteDash’s customers’ data and files are backed up multiple times per day using the industry-standard snapshot method, and stored in a redundant fashion across the Amazon AWS data center network. These backups are encrypted at rest and are automatically deleted when they reach 14 days of age.