GDPR

Gavagai is dedicated to maintaining the best security for our partners and customers and their customers in turn when it comes to the protection of personal data under the GDPR.

What you should know

According to the General Data Protection Regulation (GDPR) there is a distinguishment between:

Data Controller - who collects and owns the data
Data Processor - who handles and processes the data on behalf of the Controller

 Gavagai is a Data Processor. As a customer of Gavagai, you are either the Controller, if you use Gavagai to analyze your own data, or a sub-contracted to the Processor if you process another company’s data.

In most cases, the data we receive for processing should not contain any personal data. So, if this is the case, no further action on your part (as a customer) is needed.

On the other hand, if you need to process personal data that falls under the GDPR, you will either be classified as:

Data Controller, if the data being processed originates from you
Sub-Processor, if the originates from a customer of yours

As a Data Controller, you also must meet certain obligations, such as notifying or obtaining data subjects’ consent if you process personal data.

How Gavagai can help

As the data processor, Gavagai promises to:

Keep clients’ data safe, secure and private
Handle Data Subject requests, such as right-to-erasure and right-to-access
Keep records of compliance and audit logs as required
Disclosure our sub-processors and monitor their GDPR compliance
Notify about security breach using account contact information 

The Data Privacy and Processing Addendum

According to the new regulation each data processor is required to write a Data Processing Addendum that specifically covers all the details and legislation needed to demonstrate compliance with GDPR. Since this document must reflect our actual internal policies and procedures, Gavagai (as the Data Processor) is in the best position to enumerate how we comply.

Every Gavagai customer is eligible to request and sign our established Data Processing Addendum. Please email us at support@gavagai.se.

Sub-Processors

When providing our service, Gavagai utilizes the following Sub-Processors:

3scale - https://access.redhat.com/gdpr
Fortnox - https://support.fortnox.se/hc/sv/sections/115001535709-GDPR
Chargify - https://help.chargify.com/my-account/gdpr.html
Atlassian services (JIRA, Confluence, HipChat, Trello) - https://www.atlassian.com/blog/announcements/atlassian-and-gdpr-our-commitment-to-data-privacy
Hubspot - https://www.hubspot.com/data-privacy/gdpr
MailChimp - https://blog.mailchimp.com/tag/gdpr/
・  Freshdesk - https://www.freshworks.com/privacy/gdpr/company/
・  Zapier - https://zapier.com/help/gdpr/