GDPR

Gavagai is dedicated to maintaining the best security for our partners and customers and their customers in turn when it comes to the protection of personal data under the GDPR.

What you should know

GDPR distinguishes between a data controller (who collects and owns the data) and a data processor (who handles the data on behalf of the controller). Gavagai is a data processor. As a customer of Gavagai, you are either the controller, if using Gavagai to analyze your own data, or a sub-contracted to processor if you process another company’s data.

In most cases, the data we process should not contain personal data and if this is the case, no further action on your part (as a customer) is needed.

If on the other hand, you need to process personal data that falls under the GDPR, you will either be classified as the data controller, if the data being processed originates from you, or as a sub-processor, if the originates from a customer of yours. If you are data controller, you must meet certain obligations, such as notifying or obtaining data subject consent, if you are processing personal data.

How Gavagai can help

As the data processor, Gavagai promises to:

Keep your data safe, secure, and private
Disclose our sub-processors and monitor their GDPR compliance
Keep records of compliance and audit logs as required
Make available tools to handle data subject requests, such as right-to-erasure and right-to-access
Notify you of a security breach using your account notification contact

 

The Data Privacy and Processing Addendum

Although GDPR is very new, the standard has begun to emerge that each data processor writes a Data Processing Addendum that specifically covers the legal language needed to demonstrate compliance with GDPR. Since this document must reflect our actual internal policies and procedures, Gavagai (as the processor) is in the best position to enumerate how we comply. (We can’t sign a contract that claims we do something that we actually don’t do!)

Every Gavagai customer is eligible to request and sign our established Data Processing Addendum. Simply email us at support@gavagai.se.

Sub-Processors

Gavagai utilizes the following Sub-Processors when providing our service:

Chargify - https://help.chargify.com/my-account/gdpr.html
3scale - https://access.redhat.com/gdpr
Fortnox - https://support.fortnox.se/hc/sv/sections/115001535709-GDPR
Hubspot - https://www.hubspot.com/data-privacy/gdpr
MailChimp - https://blog.mailchimp.com/tag/gdpr/