Here at Aisle Planner, we've been working hard to fulfill GDPR obligations and maintain transparency about how we use data. We know it's a hot topic, so we thought we'd share an overview of GDPR and how we've prepared for it here at Aisle Planner HQ.
What is GDPR?
The General Data Protection Regulation "GDPR" is a data protection law that strengthens the rights and the privacy and security of an individual's data and applies to the processing of personal data as well as the rights of an individual. The GDPR applies to all organizations operating in the European Union and processing “personal data” of EU residents. The definition of "personal data" under the GDPR covers any information relating to an identified or identifiable natural person. Learn more about GDPR here.
How does GDPR impact Aisle Planner and its customers?
The GDPR regulates the "processing" or personal data of any EU resident (who is referred to as a "data subject"). "Processing" includes the collection, storage, transfer, or use of personal data. This means that regardless of whether or not you reside in the EU, the GDPR affects you and your business if you process or hold the data of any individual in the EU and as such, you are subject to the rules of the GDPR.
As a leading software provider for the wedding industry, Aisle Planner receives data points from all over the globe, including data that contains personal data from data subjects. This means that both Aisle Planner and our customers sending us data will need to comply with the requirements of the GDPR.
How has Aisle Planner prepared for GDPR?
As a company, we embrace these changes, and our policy updates are intended to reflect the transparency the GDPR requires.
We've updated our Data Processing Agreements (DPA's):
Strong data protection commitments are a key part of GDPR’s requirements. Our updated data processing agreement shares our privacy commitments and sets out the terms for Aisle Planner and our customers to meet GDPR requirements. This is available for customers upon request.
We've certified for International Data Transfers:
The EU-US Privacy Shield is a framework negotiated and agreed upon by the European Commission and the U.S. Department of Commerce as a lawful, safe and secure way of transferring personal data.
To comply with EU data protection laws around international data transfer, we self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield framework.
We've appointed a Data Protection Officer
We've appointed a Data Protection Officer to help with any requests or questions you have regarding your data. You can get in touch through the Messenger, or by emailing firstname.lastname@example.org.
We've coordinated with our partners
We’ve reviewed all our vendors, confirmed their plans for GDPR compliance and have arranged similar GDPR-ready data processing agreements with them. You can learn more about our authorized subcontractors (data sub-processors) here.
We’re taking new security measures
Security is a priority for us. We’ve taken great care to partner with trustworthy, GDPR compliant companies as our authorized technology subcontractors that provide scalable and secure storage for not only our own, but also all of our client’s important data. Among them, we've partnered with AWS (Amazon Web Services) to provide our data storage infrastructure and Stripe, to provide PCI-Compliant payment processing, for both Aisle Planner subscriptions and online payments. To learn more about our authorized subcontractors, please review Exhibit B in our Data Processing Agreement.
With multiple data redundancies that are backed up daily and stored in multiple locations, we take all reasonable precautions to keep your data safe and minimize as much risk as possible. Your data is transmitted through a secure HTTPS connection as encrypted data to our servers, and your data is encrypted both in transit and at rest.
We also have strong internal processes for protecting data. In addition, our server infrastructure is updated continually with the most recent security patches to ensure we’re keeping up to date on the ever-changing world of cyber security.
Feel free to reach out to us in the Messenger if you have any questions about GDPR - we’d be happy to chat with you about it.