Yes, Spreedly is GDPR compliant.
The General Data Protection Regulation (GDPR) is a set of European regulations that came into effect on May 25th, 2018. These regulations aim to strengthen the security and protection of personal data gathered from EU citizens, even by companies outside of the EU - like Spreedly.
There are three components of GDPR you should be aware of:
- Controller: That’s you, our customer. If your goal is to comply with the GDPR, then you need to fulfill your obligations as a Controller.
- Processor: That is wherever you decide to send your data for processing, which could be us, Spreedly, or your respective gateway or receiver (collectively “3rd party end points”). We are a compliant processor, ready to assist you with any data subject rights requests you may receive.
- Sub Processor: These are the processors or vendors we use to manage data. It is our obligation to ensure that any entity we engage with that touches your data is GDPR compliant.
Below is a list of our GDPR resources.
- Spreedly’s Data Processing Agreement (DPA) - This DPA provides our customers with contractual commitments to our compliance with applicable EU law and establishes our commitment to respond to data subject requests, report breaches to supervisory authorities and data subjects within the timeframe prescribed by GDPR, and to demonstrate our own compliance status.
- Spreedly’s Sub Processors - A list of the sub processors we use, as well as the purpose of their use. On this page, we have also established a mechanism to inform customers of intended changes to our sub-processors to give them time to object.
Please note, if you only use Spreedly to store and tokenize data, then our GDPR compliance should suffice. If you also use our platform to direct transactions against end points you’ve contracted with, you need to work with them to ensure they too handle data in a GDPR-compliant manner. If you are a platform that allows customers to direct transactions via Spreedly, inform your customers of GDPR regulations to ensure they have a separate agreement with their endpoint, in addition to yours, for end-to-end GDPR compliance.
-------------------------------------------------------------------------------------------------------
To exercise your rights under GDPR, or request information Spreedly may have about you, please use this form.
For any other questions, contact us.