May 24, 2018
Like every other company in the universe, 30MHz has to comply with the GDPR (or AVG in Dutch). The team has been working on several changes, in order to make sure we fit in with the new set of regulations. We’re pretty sure you know by now what the GDPR is, so we won’t be bothering you with a summary of what this means to you or your business.
So let’s get to the point:
Data controller vs data processor
First, we’ll explain you the difference between a data controller (which we are) and a data processor (which we are too). According to the definitions of GDPR, an entity can process personal data as a controller or as a processor. A controller determines the purposes and means of processing personal data, while a processor is responsible for processing personal data on behalf of a controller.
Moreover, a company can use the services of a processor, in which case it has to make sure that this processor is GDPR-compliant too.
30MHz acts in some cases as a controller and in others as a processor. But what kind of data are we controlling and processing? The GDPR defines personal data as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
The personal data that 30MHz handles according to the definition of GDPR come from the following sources:
- ZENSIE – a platform for 30MHz customers, controlled by 30MHz
- AWS – cloud storage
- Digital Ocean – cloud computing
- Auth0 – login application
- Nexmo – SMS notifications
- UserEngage – user management
- Mixpanel – platform development
- Google Analytics – website improvement
- LinkedIn – audience marketing
- Hotjar – website improvement
- MailChimp – newsletter and direct mails
- UserEngage – lead generation and direct mails
The next step is to share transparently all aspects of how our product and website work in regards to privacy, terms, and personal data. This is what we offer our stakeholders ahead of the May 25, 2018 deadline:
We’ve changed the cookie notice on our website in order to comply with the E-Privacy Directive. It now gives you the option to choose between a minimum viable and an elaborate version. The difference lies within the added tools mentioned above.
Deletion / Modification
A user has the right to request that we delete or alter all of their personal data. Users who wish to inquire about these rights will be able to reach out to us at any time.
Access / Portability
A user can request access to a copy of the personal data that we have collected. Users who wish to request portability can reach out to us at any time. In this mail, please state what particular data you would like to have access to. You can choose from the list above.
Get in touch
Data Protection Agreement
We signed Data Processing Agreements with every single data processor on this list. These agreements reflect the requirements of the European Data Protection Regulation (“GDPR”) as it comes into effect on May 25, 2018
Last updated: May 24, 2018
We audited all areas of the ZENSIE platform and the website to determine what personal data we collect and for what purpose. In a case where collecting personal data is not essential, we are removing that collection process. The privacy notice contains a full list of the data variables we’re keeping track of.
Terms and conditions
Last updated: May 24, 2018
Clarity on what types of content may be considered hate speech or threatening
Updated process for account suspension or removal
See the full Terms and conditions