The Munro Agency GDPR Supplier Check

GDPR Supplier Check

Compliance with data protection laws can be extremely complex. We provide helpful information, offer technical solutions, and share best practices that help make it easier for your business to comply with data protection regulations wherever you operate. As part of this process we have also conducted an audit of all the services we use

 

DropBox

https://www.dropbox.com/en_GB/security/GDPR

  • Trust is the foundation of our relationship with millions of people and businesses around the world. We value the confidence you’ve put in us and take the responsibility of protecting your information seriously.
  • ​​Dropbox places the utmost importance on data protection and has a track record of staying ahead of the compliance curve – for example, we were one of the first cloud service providers to achieve ISO 27018 — the internationally recognised standard for leading practices in cloud privacy and data protection. ​​
  • Dropbox’s Legal, Trust, and Privacy teams have carefully analysed the GDPR and are undertaking the necessary steps to ensure that we comply.
  • ​​We will meet the requirements of the GDPR by 25 May 2018.

 

RIVER Mentoring

https://www.riversoftware.com/solutions/why-river

Security is vitally important to us. Our security measures include:

  • SSAE 16 Type II Certified hosting environment
  • Monthly vulnerability scans and an annual application security review by an independent third party
  • Your data is stored in a high-security computing environment protected by 24/7 surveillance and accessible only by authorized personnel
  • All production systems are fully redundant, and data is replicated to a live failover site using real-time data replication
  • River runs on Amazon AWS managed PaaS accredited with SOC 2, PCI Level 1, and Sarbanes-Oxley (SOX)
  • Web application servers are logically separated from servers that store customer data
  • All web connections to River require a secure connection via SSL/TLS
  • All data transfers require encryption using SFTP
  • GDPR/Safe Harbor and ISO 27001 compliant

River Privacy Policy

https://www.riversoftware.com/privacy-policy

https://www.riversoftware.com/company/leadership-team

 

SharpSpring

https://sharpspring.com/blog/gdpr-compliance-product-readiness

DATA PROCESSING AGREEMENT

https://sharpspring.com/legal/eu-data-processing-agreement

GDPR dictates that businesses handling EU data sign privacy agreements with their subprocessors. To help you meet compliance before May 25, our EU data processing agreement is available for you and your clients. The DPA reviews the data management duties of both SharpSpring and our users under GDPR. Send signed copies of SharpSpring’s DPA to [email protected] to finalize the agreement.

PRIVACY POLICY

https://sharpspring.com/legal/privacy

https://sharpspring.com/legal/sharpspring-cookie-policy

We updated our privacy policy, including a specific cookie policy. Remember: you should have your own privacy policy in place with all of your clients too, and be sure to disclose your use of cookies. Your overall usage of SharpSpring should be covered in your privacy policy.

PRIVACY SHIELD

https://sharpspring.com/legal/us-eu-privacy-notice

As part of SharpSpring’s commitment to data security, we are Privacy Shield certified. For details about how we collect, use and retain personal data, read up on our EU-US Privacy Shield and Swiss-US Privacy Shield Policy.

 

Woodpecker

Woodpecker.co sets out to meet all the GDPR requirements that relate to protecting the privacy concerns of our app users, website and blog visitors, as well as email lists subscribers.

https://woodpecker.co/privacy-policy/

 

Slack

Our Commitment to You and the Protection of Your Data

We’re committed to partnering with Slack customers and users to help them understand and prepare for the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades, and will go into effect on May 25, 2018.

Besides strengthening and standardizing user data privacy across the EU nations, it will require new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located. On this page, we’ll explain our methods and plans to achieve GDPR compliance, both for ourselves and for our customers.

 

Facebook

Facebook’s commitment & preparation

Data protection is central to the Facebook Companies (Facebook and Messenger, Instagram, Oculus and WhatsApp). We comply with current EU data protection law and will comply with the GDPR. Our GDPR preparations are well underway, led by our Dublin-based data protection team and supported by the largest cross-functional team in Facebook’s history.

 

Dreamhost

Is not GDPR compliant as yet – we are monitoring this and may cease service with them. They have however, committed to making serious strides toward full compliance.

 

Siteground

Updated Privacy Policy
Our updated Privacy Policy aims to be more human-readable and transparent as to how we collect and process your data. We strictly follow the principle to collect the minimum amount of personal data needed in order to deliver our services. We use that data only for direct business purposes and in line with your notification settings. We allow our users to update or delete their personal data and we only store data until legally required. Read the Privacy Policy.
New Data Processing Agreement
This new document provides more transparency and information on how we handle and protect the data you upload on our servers. The existence of this document guarantees that you have a GDPR compliant relationship with us as a data processor. This is one of the requirements to be GDPR compliant yourself in the relationship with your website users, whose data may end up stored on our servers as part of the hosting service you use. Read the Data Processing Agreement.
Updated Terms of Service
We have also made updates in our Terms of Service in order to make more clear and transparent the relations between our contractual obligations and your data privacy. Read the Terms of Service.

 

Cloudways

We at Cloudways take your Privacy seriously and would like to inform you about our updated Privacy Policy (effective from May 25, 2018) that meets the requirements of GDPR.

Highlights of the updated Privacy Policy include:

  • A description of how we have incorporated GDPR related personal data handling processes within the Cloudways operations.
  • Clear and simple description of how we collect, store and process your personal information in the context of the emerging data protection laws.

In accordance with the GDPR guidelines, we have:

  • Created aData Processing Agreement (DPA) that allows you to comply with your GDPR obligations. If you process EU personal data and information, you should execute our GDPR-ready DPA by May 25th, 2018.
  • Published anFAQ blog to help you understand these obligations and how GDPR impacts your relationship with Cloudways.

In addition, we have updated our SLA and Terms of Service. We thank you for trusting our services, and hope that these changes will improve your Cloudways experience.

 

Cloudflare

At Cloudflare, our company mission is to help build a better internet. We believe that the protection of our customers’ and their end users’ data is fundamental to this mission.

 

Upwork

GDPR goes into effect on May 25, 2018. It will affect all Upwork clients and freelancers who reside in the EU. On or around the May 25th GDPR effective date, both EU and non-EU residents will need to consent to the revised Privacy Policy that will appear on Upwork’s website. New users residing in the EU will also have the choice to opt-in to receiving marketing emails.

https://www.upwork.com/hiring/enterprise/how-upwork-is-meeting-gdpr-compliance

https://www.upwork.com/legal#privacy

 

Subcontractors

All subcontractors that process data on behalf of The Munro Agency reside within the EU and must sign our non-disclosure agreement. Data transfers are handled by secure cloud servers

 

Freshdesk

We are fully committed towards being GDPR compliant by the 25th of May, by when the regulation comes into effect. Over the past few months, multiple internal teams have been working towards making sure that we are aligned to the GDPR framework. Also, we’ve built product features for great privacy and data control for our product. Learn about our organization wide efforts for GDPR.

https://freshdesk.com/gdpr

 

WordPress

As of WordPress 4.9.6, the WordPress core software is GDPR compliant. WordPress core team has added several GDPR enhancements to make sure that WordPress is GDPR compliant. It’s important to note that when we talk about WordPress, we’re talking about self-hosted WordPress.org

https://en-gb.wordpress.org/about/privacy/

 

FreeAgent

We’re constantly improving the technical and organisational security measures we have in place to protect your data and are committed to being fully compliant with GDPR. We will also support you with your own compliance obligations regarding any customer data held within FreeAgent.

https://www.freeagent.com/company/gdpr/

 

Google Products

We are always working to stay compliant, which helps make compliance easier for your business. We encourage regular audits, maintain certifications, provide industry-standard contractual protections, and share tools and information you can use to strengthen your business’s compliance.

https://privacy.google.com/businesses/compliance/

 

Questions and Suggestions

Other useful information about our policies, terms and disclaimers can be found here