The EU General Data Protection Regulation (GDPR) is the most comprehensive change to EU data privacy law in decades.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. For EU residents, the regulation aims to increase their control over their personal data. For businesses, the GDPR becomes a unifying regulation across the EU. Once the GDPR takes effect on the 25th of May, it will replace the 1995 Data Protection Directive.
Does this affect me?
The GDPR regulation applies to any EU residents’ data, regardless of where the processor or controller is located. This means that if you’re using Aromatherapy Rocks from the US to reach out to other US corporations, the regulation doesn’t affect you. But if some of your customers or leads are in the EU, you should pay attention to it.
In practice, most companies need to take the GDPR into consideration.
Data Processing Addendum
Aromatherapy Rocks is in most cases a processor. As a data controller, under Article 28 of the GDPR, you need a data processing addendum (DPA) signed with your processors. We’ve made this procedure simple and have the contract ready to be signed. Contact us at: support@aromatherapy to get started.
How Aromatherapy Rocks is complying with the GDPR
Even though the GDPR only applies to data from EU residents, we took the decision to apply the requirements of the regulation broadly. This means we don’t restrict any privacy-related feature based on the geographical location of a data subject.
Here are some of the actions we’ve taken to ensure we’re compliant:
We’re taking the security of the data we manage very seriously.
We’ve also migrated our entire infrastructure behind Google’s Cloud Infrastructure to systematically block potential threats and created extensive security measures.
To improve, debug or prevent fraud on the service, we use the services of proven merchant processors such as ClickBank and PayPal, among others. This ensures your data is safe and, more importantly, it allows us to not “control” any personal information, as it’s handled by trusted and proven third parties.
The GDPR gives any user the right to download any data they provide to a service. This allows for easier migration to other services. We think this is a great idea, and our team has always made it possible for users to download their data.
Systematic pseudonymisation of non-public data
Our Google Chrome extensions and apps are built in such a way that you control your own data and we don’t centrally control it, other than in the rare cases where our fraud and abuse team deems an account to be breaking our Terms of Service. Any attribute of the data that doesn’t need to remain in its original form is truncated to remove any possibility of it being linked back to a specific data subject.
Thanks to this approach, our service keeps the same level of usefulness for our users while also maintaining the privacy of your data.
Terms of Service Compliance
We strongly recommend that our users never misuse data and that they erase any unused data from their computers as soon as possible. In addition, users of the app process the data for the “legitimate interests” of benefiting their business. However, users are strictly recommended to send no more than 1 email to a contact for the “legitimate interests” purpose of offering their high-quality services to businesses.
This is a strong reason to contact a prospect just once, as this cold email logically connects with their business statute, since both businesses will benefit from the potential business relationship. In addition, after one week, we recommend that any and all data that is not used be deleted permanently from their system and never be shared with anyone. This has been a strict policy since the inception of the application and is taken very seriously.
Any user who is found to have misused this is immediately terminated and has their account banned permanently. While EU user exposure is very limited for our applications due to language barriers and other barriers to entry, we have had this policy in place since the beginning to ensure proper compliance and to ensure that responsible practices are followed by all users, regardless of whether they are doing business with EU users or with people around the world.
Right of erasure
Because we deal with publicly available web data, information removed from a website is also removed from our database. But if a data subject wishes to speed up the removal of any data in our index, we offer a simple and efficient way to claim email addresses by contacting us at: email@example.com. It is then possible to either update the data or remove it entirely.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Changes to this page
If you have any questions, please contact us at: firstname.lastname@example.org
Revised – May 17, 2019