General Data Protection Regulation (GDPR)

At Monotote we are committed to protecting your privacy and user rights and have been hard at work to ensure that we are fully GDPR compliant

On this page we outline some of the key GDPR principles and terms and how they apply to your use of Monotote. We encourage you to review this carefully and share it along with the legal documents listed below, with your privacy team.

This guide should not be considered legal advice. Please consult a legal professional for details on how the GDPR impacts your business.

The GDPR is a unified regulation that is designed to harmonize data privacy laws throughout Europe. This new regulation offers citizens in the European Union (EU) greater transparency and controls over how their personal data is used by others. With the GDPR, we’re updating our privacy policy and data processing agreements to ensure that any business that requires a GDPR-compliant processor can use Monotote.

We have an updated data processing agreement, and we will be updating other legal documentation before the GDPR goes into full enforcement on May 1, 2021.

Controllers and Processors

There are two key relationships that are defined in the GDPR.

For publishers

As a publisher with Monotote, you operate as the controller when using our products and services. You have the responsibility for ensuring that the personal data you are collecting is being processed in a lawful manner as described above and that you are using processors, such as Monotote, that are committed to handling the data in a compliant manner.

Monotote is considered a processor. We act on the instructions of the controller (you). Similar to controllers, processors are expected to enumerate how they handle personal data, which we have outlined in this document and the legal documents listed below. As a processor, we rely on our customer to ensure that there is a lawful basis for processing.

Processors may leverage other third-parties in the processing of personal data. These entities are commonly referred to as sub-processors. For example, Monotote leverages cloud infrastructure providers like Google, Slack, Zendesk, …

For retailers

As a retailer with Monotote, you operate as the controller when using our products and services. You have the responsibility for ensuring that the personal data you are collecting is being processed in a lawful manner as described above and that you are using processors, such as Monotote, that are committed to handling the data in a compliant manner.

How Monotote uses Personal Data

Monotote believes in being fully transparent in how we handle and process personal data.

We keep data only as long as it is necessary to provide our services.  Where possible, we employ mechanisms that allow us to automatically remove data after it is no longer needed to offer our services.

See our data retention policy here.

Data Subject Rights

As part of the GDPR, EU data subjects have certain rights to have their personal data removed, corrected, and exported.

Unless otherwise required by law, in the event that Monotote receives any type of request from a data subject, we will engage the respective customer within 30 days to respond to the data subject request.

Data Processing Agreement

Our data processing agreement codifies many of the details described on this site in specific legal language. To obtain a copy, please send an email to privacy@monotote.com with subject: “Data Processing Agreement”.

Questions?

Feel free to reach out to us via a support ticket or by emailing us at privacy@monotote.com with any questions you may have.