Last updated: May 20, 2021
In 2016, the European Union (EU) approved a new privacy regulation called the General Data Protection Regulation. More commonly known as the “GDPR”, it came into force on May 25, 2018.
As a company that has always taken privacy very seriously, the success of our customers in the GDPR era is very important to us. This is why we have put this document together, which we update periodically, to provide an overview of what Applitools has done and continues to do to remain prepared for GDPR. For more information in regard with Applitools’ compliance with the CCPA, please consult this page: https://applitools.com/ccpa/.
What is Applitools’ take on the GDPR? We welcome the positive changes the GDPR brought, such as the increased harmonization and the “privacy by design and privacy by default” approach. Our view is that the GDPR is not only an obligation but also an opportunity to build privacy-friendly products while increasing customer trust.
What is Applitools doing regarding GDPR? With customers in nearly every country in the world, becoming prepared for the GDPR is a “must”. This is a high level summary of what we have done so far:
- ✓ GDPR strategy.
- We retained outside counsel to help us understand the GDPR and prepare a GDPR compliance plan.
- We built an internal taskforce with members of different departments (security, sales, product development, and others) to implement the GDPR compliance plan internally.
- The founders of Applitools have been personally involved in the supervision of its implementation.
- ✓ Data mapping. We mapped Applitools’ data collection practices.
- ✓ Data Processing Agreement. We drafted and published a Data Processing Agreement in accordance with Article 28 of the GDPR for signature with our customers who are subject to the GDPR.
It is available at https://ewig5qf9cgn.exactdn.com/wp-content/uploads/2021/01/Applitools_DPA.pdf. Therefore, if you are a customer subject to the GDPR or who need a DPA for a different reason, please download it, sign it and return it signed to firstname.lastname@example.org.
- ✓ Security. Applitools is ISO 27001 certified.
- ✓ Data transfers.
- Microsoft Azure, Salesforce, Google Cloud, Marketo, ZenDesk, Intercom, Woopra, Amplitude and Appcues. Our service providers (such as Microsoft, Salesforce, Google, ZenDesk, Intercom, Marketo, Woopra, Amplitude or Appcues), who provide data processing services to us have the necessary mechanisms in place in order to comply with the GDPR.
- Server flexibility. We let our customers choose the location of the data centers where information will be stored. For example, our customers may choose to have their information hosted on the customer’s premises or in servers located in the European Union with Microsoft Azure’s data centers.
Should I, as an Applitools customer, be concerned about the GDPR? Our recommendation is that all our customers assess carefully whether they are subject to the GDPR and, if so, to what extent. The consequences of breaching the GDPR are very serious and could include fines of up to 20 million Euro or 4% of the breaching company’s global turnover (yes, the global turnover!).
If I am a customer not based in the EU, should I still be concerned about the GDPR? Given the GDPR’s extraterritorial effect, our non-EU based customers are also encouraged to assess whether the GDPR applies to them or not. The GDPR not only applies to companies that process the personal data of European individuals and have a presence in the EU (e.g. offices or establishments) but also to companies that do not have any presence in the EU but offer goods or services to individuals in the EU and/or monitor the behavior of European individuals where their behavior takes place within the EU.
As an Applitools customer, where should you start your “GDPR journey”? If the GDPR applies to your company, we highly recommend conducting internal due diligence to map your specific data collection practices. This includes, among other matters, understanding what specific personal data (including, without limitation, sensitive personal data) of individuals protected by the GDPR your company is collecting (e.g. end-users, customers, employees, etc.), from whom the data is collected, where it is being hosted, for what purposes it is being used, with whom it is being disclosed, and whether the personal data is transferred outside of the European Union or European Economic Area.
And then what? Consider what personal data you are sharing with Applitools when using our services and, if required, please request and sign our Data Processing Agreement.
Where can I learn more about GDPR? Additional information is available on the European Commission’s website here (http://ec.europa.eu/justice/data-protection/reform/index_en.htm)
I have more questions. Who should I contact? If you have any additional questions about the GDPR you are welcome to contact us at (https://applitools.com/contact)
Disclaimer: The information in this document may not be construed or used as legal advice about the content, interpretation or application of any law, regulation or regulatory guidelines. Customers and prospective customers must contact their own legal counsel to understand the applicability of any law or regulation on their processing of personal data.