GDPR

Our commitment to our users and the protection of their data

We’re committed to helping reSmush.it users understand and, where applicable, comply with the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades and came into effect on 25 May 2018.

In addition to strengthening and standardising user data privacy across EU member states, it introduces new or additional obligations on all organisations that handle EU citizens’ personal data, regardless of where the organisations are located. On this page, we explain how we help our customers comply with the GDPR.

GDPR compliance

The GDPR’s updated requirements are significant and we pay a constant attention to the GPDR compliance, operations and contractual commitments to help customers comply with the regulation. Measures we have implemented include:

• Investments in our security infrastructure and certifications
• Provide a secured API, and let our users know how we work
• Support for international data transfers by maintaining our Privacy Shield self-certifications and by executing standard contractual clauses
• Offering data portability and data management in the user personal account.
• Not preserving user data without its consent
• Keeping only anonymous data, only for statistical purposes.

Our security infrastructure standards and certifications

Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company entrusted with some of our customers’ most valuable data, we’ve set high standards for security. We use certified datacenters, and all our data are stored in Europe (our main technical partner is Scaleway Datacenters).

reSmush.it has invested heavily in building a robust security team, one that can handle a variety of issues – everything from threat detection to building new tools. In accordance with GDPR requirements relating to security incident notifications, reSmush.it will continue to meet its obligations and offer contractual assurances.

International data transfers: Privacy Shield and contractual terms

To comply with EU data protection legislation on international data transfer mechanisms, we self-certify under the EU-US Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.

In addition, we offer European Union model clauses, also known as standard contractual clauses, to meet adequacy and security requirements for our customers who operate in the EU.