This document will outline how General Data Protection Regulation (GDPR) affects Talent Tank, and customers of Talent Tank; including what action we have taken in response, and the information you need as a customer of Talent Tank to best comply with these new laws coming into force on May 25th, 2018.
TalentTank and GDPR – Our Commitment to Data Privacy
TalentTank is committed to compliance with the General Data Protection Regulation (GDPR). The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.
Our customers can trust that we have made GDPR a priority and have devoted significant resources toward our efforts to comply with GDPR. This post outlines our approach and progress to date.
How is TalentTank preparing for GDPR?
Like many other software companies, we are implementing our company-wide GDPR compliance strategy leading up to May 25, 2018 and beyond. We appreciate that our customers have requirements under GDPR that are directly impacted by their use of our services, and we are committed to helping our customers fulfill their requirements under GDPR.
Below are a few examples of initiatives we have committed to in order to satisfy GDPR requirements that apply to both our customers and us:
- Committing to security and privacy measures required under GDPR.
- Assisting our customers with satisfying their GDPR data security and privacy requirements, notifying regulators of personal data breaches on our systems and promptly communicating any such breaches to our customers and end-users.
- Ensuring our staff that access and process our customer’s personal data are bound to maintain the confidentiality and security of that data.
- Holding any sub processors that handle our customers’ personal data to the applicable data management, security and privacy standards required under GDPR.
- Committing to carrying out data impact assessments and consulting with EU regulators where appropriate.
Do you process personal data of our customers?
Where do you send customer data?
Our goal is to provide our customers with secure, fast and reliable service. As a provider of a global service, we run our service with common operational practices and features across multiple jurisdictions. For example, we currently store data in data centres provided by Amazon Web Services (AWS) located in the UK (see https://aws.amazon.com/security
Can you guarantee that my data will stay in a certain location (e.g., Europe)?
Yes, we work with each one of our customers to ensure that if you request for your environment to be hosted in the EU, that we will do just that. In all cases where data is transferred outside of the E.U., TalentTank commits to ensuring such transfers are compliant with applicable data transfer laws, including GDPR.
Can you assist my company with responding to an Individual Rights Request (Subject Access Request)?
In many cases, customers may be able address these types of requests by logging into our services and using functionality or settings available within the services. Where this is not possible, please contact us to request assistance with any such individual rights requests.
Do you offer your customers a Data Processing Addendum?
Yes! We understand that our customers, will require that, where we are a processor of EU personal data, we execute additional terms that meet GDPR obligations with respect to the processing of that EU personal data. The Trello Data Processing Addendum is available upon request to review and use to meet your onward transfer requirements under GDPR. To obtain a copy of our DPA please ask Trello Support at https://trello.com/contact
Who can I contact with questions regarding GDPR?
For all GDPR enquires, please contact: firstname.lastname@example.org
or alternatively, please visit our contact page.