Summary
As users of our services, you entrust us with your important information. Protecting your data and giving you options to manage it are our top priorities. We recognize the specific concerns of EU companies regarding the use and safeguarding of your information, which is why we have created this page to address some of the frequently asked questions.
- The Security and Privacy page gives a summary of our data center security, application security, and our policies on data retention.
- The GDPR page outlines in detail how our services comply with GDPR requirements.
- The DPA page provides information about our Data Processing Addendum for our customers.
- The Sub-processors page lists our sub-processors in compliance with GDPR and provides a method for you to receive notifications about any new sub-processors we engage.
If you have any questions or concerns about how we handle your data, please contact us at [email protected].
Security & Privacy
For a comprehensive overview of our security and privacy protocols, please check our Privacy Policy, Data Processing Agreement, and Trust Center. Highlighted below are some key aspects of our security infrastructure.
Data Centers
Chatling's main data storage and processing infrastructure is situated at DigitalOcean's data center in Amsterdam, Netherlands. Although the GDPR does not mandate physical servers in the EU, we have taken this extra step to ensure that your data is stored within the EU region.
Details on DigitalOcean Data Center
DigitalOcean's data centers uphold high security standards, incorporating several layers of security measures. Their infrastructure is continually maintained and monitored 24/7/365 following internationally recognized security controls and undergoes third-party audits as well as targeted testing annually. For physical security, each of their data center colocation providers maintains industry-recognized certifications, and their networks are MANRS certified.
For more information on DigitalOcean's security, please refer to this page.
Additional Security Protocols
For information on our application security, data retention policies, and other security measures, please refer to our Trust Center.
General Data Protection Regulation (GDPR)
What is GDPR?
The General Data Protection Regulation (GDPR) was officially adopted by the European Commission in 2016. This regulation represents a significant overhaul of data protection regulations within the EU, superseding prior laws such as the Data Protection Directive and individual member state legislation. It officially took effect on May 25, 2018.
Why is GDPR important?
The GDPR introduces new obligations for organizations regarding the safeguarding of personal data. Furthermore, it intensifies compliance requirements by enhancing enforcement and increasing penalties for violations.
What measures has Chatling taken to adhere to GDPR?
Our ongoing commitment to privacy is demonstrated through various updates and initiatives:
Our teams have diligently worked to ensure our services are in line with GDPR regulations. As the Data Processor for your client and end-user information, we offer a GDPR-compliant Data Processing Agreement which is accessible here.
Specific actions taken include:
- Continual processing of customer and end-user data according to your directives.
- Implementation of suitable technical and organizational safeguards, detailed in Exhibit C of our Data Processing Agreement.
- Provision of a list of our sub-processors available here.
- Establishment of policies to ensure the confidentiality of your data by our personnel.
- Implementation of procedures to help you handle access, modification, or deletion requests from your clients or end-users. Details can be found under "How do you manage access to my information (DSR requests)?" on this webpage.
- Prompt notification procedures in place for data breaches, although our aim is to prevent such occurrences altogether.
- Assurance of data deletion post-termination of our agreement upon your request.
- Updates to our Terms of Service and Privacy Policy for better clarity on our practices, assisting you in conveying this transparency to your customers and end-users.
What has Chatling done regarding international data transfers under GDPR?
Similar to its predecessor, the Data Protection Directive, the GDPR addresses the issue of international data transfers. We have collaborated with legal experts to formulate a standard Data Processing Agreement (DPA) which incorporates the latest Standard Contractual Clauses (SCCs) and thoroughly outlines our security practices. To review this document, please visit the Data Processing Agreement page.
Does GDPR mandate that my data be stored within the EU?
No, the GDPR permits the transfer of personal data outside the EU, provided that there are adequate safeguards in place to protect the data. We offer a Data Processing Agreement featuring updated Standard Contractual Clauses to ensure compliance.
Managing access to personal information (DSR requests)
If you are an account holder, you can access, correct, or request deletion of your personal data by reaching out to us at [email protected]. This service is also extended to personal data of others, such as employees or customers, under your account. We aim to respond to such requests promptly, within a 14-day timeframe, well within the GDPR's 30-day limit.
We're here to assist you. For any inquiries or concerns about how we handle your personal data, including under GDPR, feel free to contact us at [email protected].