General Data Protection Regulative

  • GDPR research
  • Prepare GDPR communication page
    We prepared a page speciffically designed to meet GDPR requirements here: /gdpr.
  • Appoint a Data Protection Officer
    We are in a process of appointing a DPO.
  • Prepare GDPR requests form
    All our users are able to login into their profile where they can review, change and export their data, view their consents and manage newsletter subscriptions. We've also prepared dedicated web form where additional change, view and delete requests, as well as complaints and other info can be communicated directly with our support team.

Documents

  • Data description, collections, locations and subprocessors.pdf
    Whole our web infrastructure is located on secure servers in one of Digital Ocean's datacenters. We have prepared a document where we describe all of your data we collect, reasons for storing and processing it, devices and locations of stored data. Some of your data needs to be processed by some internal and external services or processors. We've prepared list of all subprocessors and other services that process your data, data description and reasons for why, when and which data do we share.
  • GDPR activity.pdf
    We've established data security trainings, plans and will keep a history record about all our data and privacy related activities.
  • Privacy policy
  • Terms and conditions
  • Cookies

Data cleanup

  • Data validation, repair and cleanup
    We are in the process of validating current data and cleaning up historical data.
  • Receive consent
    We will ask user to give us a consent for future profiling, newsletters and marketing activities. Consent for order related processing and some newsletters has already been given.
  • Data removal
    We will run massive cleanup script for all users that won't give consent until May 25th 2018, and for users from which we don't need data anymore.

Security

  • Privacy by design
    Our services and your data are stored on highly secure servers. Our services are mostly automated, as much encrypted and safe as possible and under constant review.
  • HTTPS
    All of our web services are forced to be accessed only over secure connections.
  • Storage encryption
    Whenever and wherever possible we encrypt, anonymize or pseudomize your data.