In this page, we address our commitment to being GDPR compliant, our opinions on GDPR and how we are implementing it, the review process and the changes we will be making and finally, how these changes will affect you. Dive right in!
The landmark European privacy law - GDPR (the General Data Protection Regulation) is due to take effect on May 25th, 2018. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR expands the privacy rights granted to EU individuals, and it places many new obligations on organizations that market to, track or handle EU personal data, no matter where an organization is located. It only reinforces our belief that data privacy is an essential individual right and we’re excited about reviewing and updating our policies to make sure that you and your data are always safe and secure! The changes are being rolled out globally and are made across all accounts, regardless of whether they are in the EEA (European Economic Area) or not.
We believe GDPR is a required step towards the standardization for security measures across all geographical regions. Fyle has always been committed to ensuring the highest standards for data security and data privacy and GDPR only takes us closer to our goal by standardizing the process. We are actively preparing our business and compliance processes for GDPR to take effect, and this page will inform you further on how those changes will affect you and your business.
GDPR is the most noteworthy milestone in the space of Data Privacy Regulations and how we think of it. We welcome this milestone in Data Privacy Regulations and would love to share the steps we are taking to make sure we are GDPR friendly on or before May 25th, 2018.
The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period and, unlike a Directive it does not require any enabling legislation to be passed by government; meaning it will be in force May 2018.
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller. Fyle is both a data processor and a data controller.
Fyle explicitly asks for consent for activity tracking via cookies and provides opt-in / opt-out mechanisms for promotional emails. Fyle's signup mechanism also requires you to accept the terms and conditions explicitly.
Strong data protection commitments are an essential component of GDPR’s requirements. As a controller, Fyle has an obligation to only work with data processors that provide sufficient guarantees. As part of our preparation, we have eliminated data processors that do not provide these guarantees. We work with data processors like Intercom, Mixpanel, Freshdesk, Stripe and Hubspot.
You have the right to move your data out of Fyle to other systems. Fyle provides capability to export your expense data in excel format and bills in a consolidated PDF format which can be then be uploaded to a system of your choice.
Fyle allows account owners to download all of their data in Fyle in standard formats like CSV / Excel and PDF. These options are available within the application.
You have the right to be forgotten i.e. request erasure of all data concerning you in Fyle and we will oblige the request without undue delay. We've introduced a feature in the product for account owners to delete their account and all information from Fyle and its data processors. Account owners can also send a note to email@example.com if they require assistance on this front.
Fyle is an enterprise product trusted by small and large enterprises alike. We conduct Vulnerability Assessment and Penetration Testing exercises every 6 months and share it with customers upon request. As part of our roadmap, we will be getting ISO 27001 certification and SOC 2 compliance.
To know more about GDPR, please go here. For any questions or concerns related to GDPR, please feel free to get in touch with us at firstname.lastname@example.org and we'd be happy to chat with you! We'll be announcing GDPR related updates on a rolling basis up until GDPR is enforced on May 25, 2018. We will keep adding updates on this page, kindly keep a look out for them.
The content above is provided for informational purposes only. The information shared here is not meant to serve as legal advice. You should work closely with legal and other professional counsel to determine exactly how the GDPR may or may not apply to you.