The rights of each EU resident under the GDPR, and how you can exercise those rights with respect to Core dna, are:

• Right of access: You, or your customer, can ask us what personal data is being processed (used), why and where.
• Right to rectification: If you, or your customer, want to correct, revise or remove any of the data we retain on you - as explained in our Privacy Policy - you may do so at any time.
• Right to be forgotten: If you, or your customer, need to cancel your Core dna account at any time, we will permanently remove your account and all information associated with it.
• Right to restrict processing: If you, or your customer, believe your personal data is inaccurate or collected unlawfully, you may request limited use of your personal data.
• Right of portability: We provide you with the ability to move any of your account data to a third party at any time.
• Right to object: If you, or your customer, decide that you no longer wish to allow your data to be included in our analytics or for us to provide personalized (targeted) marketing content at any time, you may contact us to request removal of this data.

Core dna will provide the necessary mechanism to comply with requests from you, and support you in fulfilling GDPR requests from your customers.

In preparation for GDPR, we formed a core team of leaders from each area of Coredna.com's business, coordinated by our internal Data Protection Officer (DPO). The representatives in this group were charged with ensuring that all the requirements of GDPR were addressed across all teams. The team met once a week to discuss progress towards GDPR readiness, and has continued to do so following the May 25th 2018 deadline so we can continue to ensure our complete GDPR compliance today and in the future.

We have completed an audit of all third party vendors and have validated their GDPR compliance.

All client data belongs to the client, this includes, but is not limited to, user information, contents of applications & settings that are on the Core dna system. We know that you’ll want to provide the same level of GDPR compliance to your customers as we do to you. We make it easy to support your customers and give them the ability to access, handle, and delete their personal data. We also ensure that all of your data – and your customers’ data – is easily exportable in a commonly used and computer readable format.

Server logs are used for security & performance monitoring as well as for billing purposes. Logs are not shared with any third party partners, processors or vendors, outside of those listed on 3.2. A typical server log contains information about the IP address, the page requested along with the browser’s User Agent. Log information is retained for 12 months.

GDPR gives individuals the right, in certain circumstances, to ask that their personal data be erased, or that a company restrict the processing of their personal data.

"Personal data" means any data that can be used to identify an individual, including:

• Name
• Address
• Email
• IP address
• Credit card number.

Personal data does not include information that is purely financial and cannot be linked to an individual, such as:

• How many times a specific product has sold
• How much revenue your store has made

Core dna can assist in the removal of user information in accordance with the client’s policies.

We know that navigating GDPR can seem daunting at times, but we’re here to help. If you have any questions or concerns regarding how we protect your personal data, please don’t hesitate to reach out: 

• Name: Dennis Westphal
• Title: Data Protection Officer
• Email: privacy@coredna.com