The General Data Protection Regulation (GDPR) is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for businesses so both citizens and businesses in the European Union can fully benefit from the digital economy.
The GDPR will be enforceable starting on 25 May 2018. Jottacloud is committed to GDPR compliance across all products and services. We are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and contracts.
Protecting your data
As a Jottacloud customer, your data will be treated in accordance with the GDPR legislation. Security of our customers data is our number one priority.
The Jottacloud Data Processing Agreement is available to all Jottacloud customers that are processing personal data whether they are established in Europe or a global company operating in the European Economic Area.
Jottacloud account owners will have the functionality to agree and sign the Data Processing Agreement between Jottacloud and your organization/company.
Jottacloud use the following sub-processors:
Stripe, Inc. - Payment Processing
DIBS Payment Services A/S - Payment Processing
Intercom, Inc - Support ticketing and customer communication
Zendesk, Inc. - Support ticketing
Microsoft Corporation - Office online (optional)
Data Protection Officer (DPO)
Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR. Jottacloud has appointed a DPO that can be contacted at firstname.lastname@example.org.
Data Processing Agreement (DPA)
European businesses loacated in EU or EEA countries are required to sign a Data Processing Agreement (DPA) with vendors to comply with European Data Privacy laws (GDPR).
Frequently asked questions
Does Jottacloud comply with GDPR (General Data Protection Regulation) with regards to the data of Jottacloud customers?
Can I view Jottacloud’s data processing agreement (DPA)?
Yes. This can be found here.
Does Jottacloud collect any personally identifiable information from customer’s applications about their users, and what kind of data?
Jottacloud collects name, email address, and in some cases phone number.
Where is the Jottacloud data stored geographically? Under which jurisdiction?
All Jottacloud data is stored in Norway.
How long is the data retained for?
Data will remain in your Jottacloud account until your data retention period expires for that data, or you manually choose to delete this information from your account settings. The data retention period is normally 90 days.
How do I prevent sensitive data from being sent into Jottacloud?
You are in complete control of the data you choose to send to Jottacloud. You can delete such data from Jottacloud at any time.
If you have additional concerns or questions about GDPR compliance, feel free to contact us.