The General Data Protection Regulation (GDPR) is the new legal framework of data protection across the EU. Starting 25th May 2018 it will be enforceable. This post clarifies how CloudConvert complies with the GDPR and what our customers can do to be compliant.
In the terms of the GDPR, CloudConvert takes two different roles: CloudConvert is classed as data controller, if it provides services to end customers and directly collects or processes personal data. CloudConvert is classed as processor, if it processes data on behalf of a data controller (typically a customer of CloudConvert).
In short, we do collect:
We do share:
CloudConvert commits to:
If you are an organisation and use CloudConvert to process your customers files, we are typically acting as processor. This is the case if you collect personal data and send them to us for conversion, for example via our API.
As a processor, CloudConvert commits to:
In accordance to Art. 28 GDPR it is possible to sign a data processing agreement with us. This binds us legally to the proper processing of data in accordance to the GDPR. Therefore, contact us.