If you're using Formaloo for your data collection, you're in a good place. Formaloo is fully compliant with the EU General Data Protection Regulation. Formaloo has been able to conduct business with all EU-based customers (and all companies working with EU-based clients) since the GDPR deadline, May 25th, 2018.
The GDPR is intended to strengthen individuals’ rights and unify data protection rules across the EU through stricter personal data handling requirements and higher fines for non-compliance. The GDPR applies to the processing of data subjects’ personal data by EU or non-EU organizations of any size that provide goods or services to the EU or monitor EU users’ behavior.
In the FAQ right here, you can read about how to become 100% GDPR ready when you use Formaloo services on your own websites, mobile applications, products and even your own servers:
In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). GDPR is a significant change in data protection regulation in the EU and it will come into effect on May 25, 2018.
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals.
Nothing much. In relation to your use of Formaloo, you just need to be clear and transparent with your clients about your use of a third-party processor (Formaloo) to collect their personal data. Transparency is key under GDPR. For more information about the third-party processor, please visit the GDPR official website.
You can update your website privacy notice. Under the GDPR, you’re only required to say that you’re using an externally hosted third party to enable you to provide your service, rather than name Formaloo specifically. As an example, you could add some wording like this to your website privacy notice: “We use an externally hosted third party to manage and administer your data.”
When you use Formaloo Enterprise (Self-Hosted), you’ll be the data processor and the data controller. For more information about the data processor & data controller, please visit the GDPR official website. You’ll need to make sure to secure your databases & servers and manage the data according to the GDPR.
We retain all your form data for as long as your account is active. When you terminate or cancel your subscription, all your form data will be automatically deleted within 100 days.
Yes, we offer a Data Processing Addendum (DPA) for our enterprise customers that qualify us as the data controller under the GDPR. Our DPA contains contractual terms that meet GDPR requirements and that reflect our data privacy and security commitments to our clients.