Encharge and the GDPR
Privacy and Security Contact
Slav Ivanov
slav@encharge.io
ul. Cherkovna 57,
office 19,
Sofia,
Bulgaria
1505
As part of our ongoing efforts to protect the security and privacy of our users, we are working to meet or exceed the GDPR (General Data Protection Regulation). This site contains information on what steps we are taking, their progress, and who to contact for any security concerns. Please see our FAQ for more information.
Data Processing Addendum
If you need a signed DPA, please click the button below to sign and download your copy of our DPA:
Make A Data Request
We respect the rights of individuals to know how their data is being used, export it or request that it be deleted.
Data Processing Partners
We rely on a number of trusted 3rd parties to assist with our operations. Depending on the exact nature of your account and what you've requested we do, your data may be shared with one of these partners. We carefully evaluate each to make sure they're handling your personal data with the utmost of respect, security, and privacy.
| Services | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| Amazon Web Services EMEA SARL |  |
Any | Datacenter in Ireland |
|
| Any explicitly appointed 3rd parties |  |
any | Due to the nature of Enchare's software, 3rd party partners can be explicitly appointed by you by the act of connecting your Encharge's account to your account with the 3rd party partner, either through Encharge's interface or through the 3rd party partner interface. By explicitly appointing 3rd party partners, you agree to allow Encharge to transfer any information needed to provide the Encharge services. You might at any time remove the connection between your Encharge account and 3rd party partners appointed by you. |
|
| Google Universal Analytics |  |
IP Address | The analytics.js JavaScript snippet is a new way to measure how users interact with your website. It is similar to the previous Google tracking code, ga.js, but offers more flexibility for developers to customize their implementations. |
|
| Helpscout | |
email names user ID IP | Used for providing customer support |
|
| Mixpanel | |
email name user ID and others | Measure and track product usage. |
|
| Segment | |
IP Address | Segment gives you the ability to instrument your web app for analytics once, and then send your data to any number of analytics services. Previously known as Segment.io |
|
| Twilio Inc | |
email phone number first name last name any other data needed to send email on behalf of customer's Company | Encharge utilizes Twilio Sendgrid to send email messages for certain accounts. |
|
Compliance Tasks
GDPR Compliance requires maintenance and ongoing work. We are tracking our efforts here.
| Application Site Security | |
|---|---|
| Status | Name |
| Completed | Ensure Access to Backups is Restricted |
| Completed | Ensure Backups are Stored in on Encrypted File Storage |
| Completed | SSL (TLS) Deployed on App Site |
| Completed | Personal Data in Databases is Encrypted |
| Completed | Restrict Personal Data at Signup to the Minimum Necessary |
| Completed | Ensure Database Backups of Personal Data are working |
| Data Mapping | |
|---|---|
| Status | Name |
| Completed | Add Database Provider to Data Partner |
| Completed | Add Internal Email Service to Data Partners |
| Completed | Add Hosting Provider to Data Partners |
| Completed | Add Transactional Email Service to Partners |
| Completed | Add Email Newsletter Service to Partners |
| Completed | Add Exception/Error Reporting Services to Data Partners |
| Completed | Add CDN Provider to Data Partners |
| Marketing Site Security | |
|---|---|
| Status | Name |
| Completed | SSL (TLS) Deployed on Marketing Site |
| Completed | Reviewed list of users with access to site |
| Privacy Procedures | |
|---|---|
| Status | Name |
| Completed | Nominate a Data Protection Lead or Data Protection |
| Completed | Get Management Approval for GDPR Efforts |
| Completed | Process established for subject data requests |
| Completed | Procedure established to allow for people to request that inaccuracies in their data are fixed. |
| Completed | Privacy Policy Updates |
| Completed | Developed a Data Processing Agreement |
| Completed | Briefed all Staff on GDPR Impact to the organization |
| Completed | Informed all Employees and Contractors about GDPR Compliance |
| Security Procedures | |
|---|---|
| Status | Name |
| Completed | Publish statement on public website on how to report security and data issues. |
Frequently Asked Questions
If you have any concerns not answered here, please reach out to our contact (listed above) and we'll be happy to assist.
Do Non EU Companies need to comply with the GDPR?
While it remains to be seen if the EU has the legislative power to levy fines and enforcement against organizations around the globe, GDPR compliance is being sought by non EU companies for a variety of reasons.
- Customers and Prospects are making it a requirement
- It's a solid framework for improving the handling of personal information and complying with the GDPR requirements improves our own security.
How Do I Report a Security Issue?
We take all security reports seriously. Please email our security contact (information listed above) with any information you have regarding any potential data breaches, vulnerabilities or concerns.
What's the GDPR?
The General Data Protection Regulation (GDPR) is a new piece of privacy legislation enacted by the European Union. It represents a significant change in how personal (IP Addresses, Emails, Names) and sensitive (religion, ethnic origin, health, orientation) data is handled by companies.