GDPR Compliance

Everything you need to know about Cindie’s GDPR compliance

What is GDPR?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU)

To whom does the GDPR apply?
One way in which the personal data of an EU citizen could be collected when using Cindie’s is when you build a database of contacts, their information, and business dealings with them (i.e. a CRM system). Not all customers will be “data subjects”, as data subjects are only individuals. Some of your customers may be businesses or government organizations, which the GDPR does not apply to.

Is Cindie’s GDPR compliant?
Yes, everything is set for Cindie’s to be compliant with the GDPR when it becomes enforceable in May 2018.

More GDPR FAQs

Do you have any dedicated data protection officer (DPO) or compliance / security team working?
We have a staff member assigned to the role of handling GDPR and GDPR-related tasks. Please direct all your questions related to GDPR compliance to [email protected]

How will you verify to customers that you are in compliance with the new regulation?
If you wish for formal verification, you can provide us with your Data Processing Agreement template, which we can returned filled and signed.

How is sensitive information stored, and do you have processes in place in the event of a data breach?
Sensitive information is stored securely, with limited access. We react to Data breaches immediately, by notifying affected parties, DPO and local Institutions, according to our internal GDPR project.

For how long do you store customer data?
We store customers’ data only for the time of using our services or until they request to delete their data.

Where is your customer data physically stored?
Our customer data is stored on secured Google Cloud-based servers, which are CDN-oriented.

Which of your teams will have access to customer personal information? 
We access customer’s personal information only based on prior request by the customer or with the customer’s approval. In most common cases, it is the customer support team, development team or marketing team.

How does your organization handle instances when customers request their data be removed from your system(s)?
When a customer requests deletion of their data, we proceed with the deletion immediately, with no further delay.

How you handle data protection requirements with any of your sub-processors?
We sign Data Processing Agreements with each of our sub-processors or subcontractors.

What new safeguards or processes are you implementing to meet the May 25 deadline?
Most of the safeguards and processes have been in place before because we don’t take privacy of our customers’ data lightly. We are implementing more guidelines on how to handle sensitive data, how to react to incidents and data breaches and more.

What processing operations are done by the Data Processor (Cindie’s)?
All actions necessary to provide adequate customer support and reliable service.

Who are the Data subjects?
Persons whose data has been shared with Cindie’s.

What are the Categories of Data?
Name, Email, Phone number, Address, IP Address, Timestamps of actions, Browser Cookies.

Are there any Special Categories of Data?
Yes, some of our forms require information about the customer’s business goals in order to provide the best service. See the full list of required information fields on https://cindies.com

How are cross border transfers handled, who is the data exporter and who is the data importer?
Cross border transfers are done within EU or US grounds.

Additional security measures

HTTPS Encryption
All Cindie’s hosted accounts run over a secure connection using the HTTPS protocol. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. It means all communication between your browser and Cindie’s is encrypted, including your chat and email communication.

API Security
Cindie’s REST API is restricted to accredited users based on username and password or username and API tokens.

Request Information Removal
Cindie’s provides customers the option to delete Service Data that may contain personal data, such as profiles, commissions, IP addresses, logs, and other data in active Cindie’s accounts.

Affiliate account & Associated data deletion
Cindie’s provides affiliates the option to delete Service Data that may contain personal data, such as profiles, commissions, IP addresses, logs, and other data in active Cindie’s accounts.

Additional resources
Cindie’s Terms Of Service & Privacy Policy
Cindie’s Cancellation & Refund Policy
Cindie’s Returns for online orders