GDPR is short for the General Data Protection Regulation that went into effect on May 25, 2018. Its purpose is to support privacy as a fundamental human right and therefore give EU residents rights over how their personal data is processed or otherwise used.
The rights of each EU resident under the GDPR, and how you can exercise those rights with respect to Core dna, are:
Core dna will provide the necessary mechanism to comply with requests from you, and support you in fulfilling GDPR requests from your customers.
For more information on GDPR we recommend reading the following items
In preparation for GDPR, we formed a core team of leaders from each area of Coredna.com's business, coordinated by our internal Data Protection Officer (DPO). The representatives in this group were charged with ensuring that all the requirements of GDPR were addressed across all teams. The team met once a week to discuss progress towards GDPR readiness, and has continued to do so following the May 25th 2018 deadline so we can continue to ensure our complete GDPR compliance today and in the future.
It is the client’s responsibility to ensure that the appropriate GDPR information is accessible on their own main website, whether hosted by Core dna or not. It is also their responsibility to treat customer data in accordance with GDPR regulations.
Note: Items such as 3rd party cookies and relevant disclaimers, which are outside the control of Core dna, fall under the ePrivacy Directive (aka Cookie Law).
We have completed an audit of all third party vendors and have validated their GDPR compliance.
Core dna uses the following subprocessors for certain data, only where necessary:
Service / Vendor | Purpose | Entity Country |
New Relic | Software service provider | USA |
Vultur | Software service provider | USA |
Oracle, Dyn | Software service provider | USA |
StackPath, LLC | Software service provider | USA |
Amazon Web Services | Data hosting | USA |
Slack Technologies, Inc. | Software services provider | USA |
SharpSpring, Inc. | Cloud marketing provider | USA |
Google, Inc. | Analytics service provider | USA, Ireland |
Note: This information is for educational purposes to demonstrate how Core dna engages with third-party systems. It should not be interpreted as offering any additional rights or binding agreements.
All client data belongs to the client. This includes, but is not limited to, user information, contents of applications & settings that are on the Core dna system. We know that you’ll want to provide the same level of GDPR compliance to your customers as we do to you. We make it easy to support your customers and give them the ability to access, handle, and delete their personal data. We also ensure that all of your data – and your customers’ data – is easily exportable in a commonly used and computer readable format.
Certain types of data may rest at Core dna for different lengths of time. For example, when an order is made, this data would be required to be stored until the order is delivered successfully and then for a set amount of time for customer support purposes. After this period this data can be safely anonymized.
Core dna can assist in the auto-anonymization of user information in accordance with the client’s policies.
Server logs are used for security & performance monitoring as well as for billing purposes. Logs are not shared with any third party partners, processors or vendors, outside of those listed on 3.2. A typical server log contains information about the IP address, the page requested along with the browser’s User Agent. Log information is retained for 12 months.
GDPR gives individuals the right, in certain circumstances, to ask that their personal data be erased, or that a company restrict the processing of their personal data.
"Personal data" means any data that can be used to identify an individual, including:
Personal data does not include information that is purely financial and cannot be linked to an individual, such as:
Core dna can assist in the removal of user information in accordance with the client’s policies.
As part of our Information Security policy, we already have management and communication processes in place in the unlikely event of a data breach; we’ve updated these to further comply with the GDPR regulations for notification and reporting.
We know that navigating GDPR can seem daunting at times, but we’re here to help. If you have any questions or concerns regarding how we protect your personal data, please don’t hesitate to reach out:
Last updated: Tuesday, March 19th 2019