GDPR Commitment

What is GDPR?

The EU General Data Protection Regulation (GDPR) came into effect on May 25, 2018.

Does GDPR affect you?

If you’re based in the EU or do business in the EU, then the answer is YES! GDPR has a long reach. If you have any EU personal data in your SuiteDash account, such as names, email addresses, ID numbers, or… anything personally identifiable, then GDPR applies. You are a Controller of personal data under GDPR, so you need to enter into GDPR-compliant data processing agreements with any online services and third party vendors you rely on, including SuiteDash. These agreements are commonly called a Data Processing Addendum, or DPA.

Our commitment to GDPR

SuiteDash, as an organization, has always implemented and practiced processes that ensure that customer data is stored and processed only in ways necessary to serve our customers in the best possible way. Our privacy, security & data storage policies are also aligned with the GDPR goals and objectives. More information can be found by reviewing our Privacy Policy.

SuiteDash is committed to employing a wide range of safeguards that protect private data, and all of our processes are designed to adhere to the requirements of GDPR.

Data Processing Addendum

If you need to comply with GDPR and you’re using SuiteDash, then legally you’ll need to enter into a Data Processing Addendum (DPA) with SuiteDash. Processing EU personal data must be governed by a GDPR-compliant contract. We provide a standard Data Processing Addendum (DPA) to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed.

To ensure no inconsistent or additional terms are imposed on us beyond those reflected in our standard DPA and model clauses, we cannot agree to sign customers’ DPAs. We are not able to make individual changes to our DPA.

Click HERE to sign the DPA online

Following the link above will start an electronic signing process that, when complete, will become legally binding. A copy of the signed addendum will be emailed to you.

SuiteDash subprocessors

SuiteDash uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor, extending GDPR safeguards everywhere personal data is processed.

Subprocessors located in the United States:

Checklist for Data Controllers

GDPR regulations require the following of any company or organization that is outsourcing the personal data of its customers or clients to a third-party software supplier:

You should be able to answer and/or assess the following.

Do you have a Data Processing Agreement (DPA) with the software supplier?

You can enter into a DPA with SuiteDash by clicking HERE.

Does the data processor use data processors of their own? Do they have DPAs with these?

You can see a list of the subprocessors that SuiteDash uses above. Yes, we have DPAs in place with each one.

Did your company / organization do a risk assessment of the outsourcing?

You can see a list of the subprocessors that SuiteDash uses above. You can use this information to make your risk assessment.

Did your company / organization assess the data processor’s ability to comply with these requirements?

The information on this page is as transparent as we can possibly be. You can use this information to make your assessment.

How does your company / organization audit the data processor’s ability to comply with the DPA?

You’ll have to use the information we provided both on this page and in our DPA to make your audit.

Does the data processor have a procedure for informing customers about privacy breaches?

SuiteDash is committed to the following actions within 72 hours of any security breach: carrying out an investigation, informing both regulators and individuals of a breach, disclosing what personal data has been impacted and how, and explaining how the issue will be addressed moving forward. If, for whatever reason, we are not able to complete these steps within 72 hours, we will provide reasonable justification for the delay. Historical data on security breaches as well as announcements of known breaches will be reported HERE.

How can the data processor assist with your customers’ requests and complaints regarding their rights under the GDPR?

You can contact us directly at privacy@suitedash.com with your requests.

How can customers access their data stored in the software solution?

SuiteDash provides a self-actuated export functionality for all Contact data, including any associated personal information or created custom fields.

If we cancel our account and no longer use the software, will the data processor delete the data?

SuiteDash will hold your account for up to 3 months just in case you decide to return, but after that your data will be automatically deleted. If you request that your data is deleted in advance of this automated process, we will comply if we can establish that the requester has the proper authority to make such a request.

Who is doing the backup of customer data, how often and using what method?

All of SuiteDash’s customers’ data & files are backed up multiple times per day using the industry-standard snapshot method, and stored in a redundant fashion across the Amazon AWS data center network. These backups are encrypted at rest and are automatically deleted when they reach 14 days of age.