General Data Protection Regulation (GDPR)
At Monotote we are committed to protecting your privacy and user rights and have been hard at work to ensure that we are fully GDPR compliant
On this page we outline some of the key GDPR principles and terms and how they apply to your use of Monotote. We encourage you to review this carefully and share it along with the legal documents listed below, with your privacy team.
This guide should not be considered legal advice. Please consult a legal professional for details on how the GDPR impacts your business.
We have an updated data processing agreement, and we will be updating other legal documentation before the GDPR goes into full enforcement on May 25, 2018.
Controllers and Processors
There are two key relationships that are defined in the GDPR.
As a publisher with Monotote, you operate as the controller when using our products and services. You have the responsibility for ensuring that the personal data you are collecting is being processed in a lawful manner as described above and that you are using processors, such as Monotote, that are committed to handling the data in a compliant manner.
Monotote is considered a processor. We act on the instructions of the controller (you). Similar to controllers, processors are expected to enumerate how they handle personal data, which we have outlined in this document and the legal documents listed below. As a processor, we rely on our customer to ensure that there is a lawful basis for processing.
Processors may leverage other third-parties in the processing of personal data. These entities are commonly referred to as sub-processors. For example, Monotote leverages cloud infrastructure providers like Google, Slack, Zendesk, …
As a retailer with Monotote, you operate as the controller when using our products and services. You have the responsibility for ensuring that the personal data you are collecting is being processed in a lawful manner as described above and that you are using processors, such as Monotote, that are committed to handling the data in a compliant manner.
How Monotote uses Personal Data
Monotote believes in being fully transparent in how we handle and process personal data.
We keep data only as long as it is necessary to provide our services. Where possible, we employ mechanisms that allow us to automatically remove data after it is no longer needed to offer our services.See our data retention policy here.
Data Subject Rights
As part of the GDPR, EU data subjects have certain rights to have their personal data removed, corrected, and exported.
Unless otherwise required by law, in the event that Monotote receives any type of request from a data subject, we will engage the respective customer within 30 days to respond to the data subject request.
Data Processing Agreement
Our data processing agreement codifies many of the details described on this site in specific legal language. To obtain a copy, please send an email to firstname.lastname@example.org with subject: “Data Processing Agreement”.