Last updated: May 14th, 2018
If you use the Internet, GDPR affects you. Curated has made significant changes to become GDPR compliant and to help our customers make their newsletters compliant as well.
To quote the official GDPR website:
“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”
Put more simply, GDPR outlines some rules around how companies process the data of individuals, and has scary fines for non-compliance.
In light of this new regulation, here are the details about how we handle your data and how you can access it.
Curated’s servers are located in the UK and are provided by Brightbox Systems. Our databases are backed up hourly, and those hourly backups are stored for one week. The databases are also backed up daily, and those daily backups are kept for 30 days. All backups are stored on Amazon S3 in the UK.
We collect and retain the following information from our customers:
We collect and retain the following information from our customers’ subscribers:
We collect this information for the purpose of providing the Curated newsletter products and services, identifying and communicating with customers, responding to customer requests/enquiries, getting paid for use of our products and services, and improving our products and services.
These third parties have access to your Personal Information only to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purpose.
GDPR defines third party companies and service providers like these as “sub-processors”.
Where applicable, we’ve linked to each sub-processor’s policies; we recommend reading each one to make sure you’re OK with us sharing some of your data with them.
If you have specific questions about what data we send to any of those services, contact us using the information below and we’ll be happy to explain in more detail.
Another term that GDPR defines is “Data subject”. Put simply, a data subject is the individual whom particular personal data is about. A DSR (Data Subject Rights) request is when an individual asks a data controller (in this case, that could be Curated or a Curated customer) to take action on their personal data. An example of a DSR request would be if a Curated customer asks for an export of all the data we’ve collected about them, or to permanently delete all the information we’ve collected about them.
We plan on processing these requests manually, though we’ve built some tools to allow our customers to access, correct, amend, or delete most of their data themselves.
We will give an individual, either a Curated customer or a subscriber, access to any personal information we have about them within 30 days of any request for that information, and we won’t charge anything to process these requests. Individuals may request to access, correct, amend or delete information we hold about them by contacting us using the information below. Unless prohibited by law, we will remove any Personal Information about an individual, either a Curated customer or a subscriber, from our servers at their request.
If you have any questions about these terms, please contact us at email@example.com or 2527 Broad Avenue, Memphis, TN 38112, US.