Sleekplan is committed to complying with the EU's General Data Protection Regulation (GDPR) and to meeting its obligations.
The General Data Protection Regulation is the main framework of Europe's digital privacy legislation. Although it was drafted and passed by the European Union, it sets the rules on data processing for any entity that collects information related to people in the EU. At Sleekplan we have a policy in place to comply with the toughest privacy and security law in the world.
The GDPR is a comprehensive data protection law. Although drafted and passed by the European Union (EU), it imposes obligations on organizations everywhere as long as they target people in the EU or collect data related to them. The regulation was put into effect on May 25, 2018.
Does it apply to me?
GDPR applies to any company, website or organization worldwide that deals with personal data from residents of the European Union. If your company processes, stores or transmits personal data of EU residents, you will be required to comply with the new regulations.
GDPR Compliance at Sleekplan in a Nutshell
We act as data controller and processor
In terms of GDPR, Sleekplan acts as both data controller and data processor. We are the controller when we decide the purposes and the means of the processing (e.g. when it comes to our website, admin dashboard, customer database, newsletter, marketing, payment data, etc.), and we are the processor when we act under the instructions of our customers (e.g. when we process the personal data of our customers' end-users).
Information we hold and collect
Sleekplan stores data on 2 kinds of parties:
1. Our customers (The operators using the Sleekplan Dashboard replying to their users)
User first and last name
User email address
User profile picture
User/Company payment details (includes invoicing information, e.g. company address and country; the credit card number is stored by Stripe)
2. Our customers' end-users (The users of our customers)
End-user email address
End-user last activity date and time
End-user profile picture
End-user profile information (We automatically track and store certain standard data fields resolved from public data provided by the end-user on the Internet, and data that a customer transfers to us, e.g. via Single Sign-On).
This data includes:
- City and country (calculated from the lead's or user's IP address location; however, we store only anonymized IPs)
- OS (the operating system a person is using).
- Browser version (the precise version of the browser a person is using).
Sleekplan does not share, or resell, any kind of user data (both point 1 and 2 above). The data is not used for advertising (both 1 and 2) or analytics (2).
Data Hosting and Storage
Sleekplan services and data are hosted in Amazon Web Services (AWS) facilities (us-east-1) in the United States and processed with AWS. AWS offers a GDPR-compliant Data Processing Addendum (GDPR DPA) which includes the Standard Contractual Clauses to enable the transfer of data from outside of Europe. This enables us to comply with GDPR contractual obligations. The AWS GDPR DPA is incorporated into the AWS Service Terms. Learn more about GDPR at Amazon Web Services.
Q: Isn't the data residency in conflict with the GDPR?
A: The GDPR does not require personal data to be stored or processed in the EU; it simply makes compliance with the GDPR easier if personal data is stored and processed in the EU.
Third-parties we share data with
All of Sleekplan's data processing providers (Stripe, Amazon Web Services, ...) have been checked to be GDPR-compliant. See the full list of our providers below.
Amazon Web Services
440 Terry Ave N Seattle, WA 98109
DPA is part of Terms
510 Townsend Street San Francisco, CA 94103
55 2nd Street, 4th Floor San Francisco, CA 94105
1600 Amphitheatre Parkway Mountain View, CA 94043
110 Sutter St, San Francisco, CA 94104, United States
DPA is part of Terms
405 Howard Street, Floor 2 San Francisco, CA 94105
DPA is part of Terms
Data processing agreement (DPA)?
Yes! Users and third parties can sign our DPA, which guarantees the protection of personally identifiable information that we collect and process.
The DPA should be read, signed and submitted to our team. Direct questions to firstname.lastname@example.org or leave us a message in the chat.