< Back to Overview
MoreThanDigital’s GDPR Compliance
Last updated 29.09.2023
MoreThanDigital is dedicated to ensuring privacy, security, compliance, and transparency. Our commitment includes assisting our clients in adhering to EU data protection stipulations, especially those outlined in the General Data Protection Regulation (GDPR), effective from May 25th, 2018.
Understanding GDPR
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a directive by the European Parliament, the European Council, and the European Commission to bolster and standardize data protection for all individuals within the European Union (EU).
GDPR’s Scope
When using MoreThanDigital Services, one means through which an EU citizen’s personal data might be acquired is when you establish a database with contact details and business interactions (akin to a CRM system). However, not all clients are “data subjects.” Only individuals fall under this category, whereas entities like businesses or government agencies are excluded from GDPR.
Is MoreThanDigital GDPR Compliant?
Absolutely, MoreThanDigital has been fully compliant with GDPR since May 2018.
GDPR-Related Queries
-
Internal Compliance Measures: We boast a dedicated internal team and Data Protection Officer. For any GDPR-related questions, reach out to us via .
-
Verification of Compliance: For formal confirmation, provide us your data processing agreement template, and we’ll revert with the duly filled and signed document.
-
Sensitive Data Storage and Breach Protocols: All sensitive data is securely stored with restricted access. In case of a breach, we promptly notify the affected parties, our Data Protection Officer, and local authorities, in line with our GDPR procedures.
-
Data Retention: We retain client data only during the period of our service usage or until a deletion request is made.
-
Data Storage Location: The data of our EU clientele is kept in European data centers located in Germany, the UK, and Slovakia, and is managed by Linode, Inc.
-
Data Access: Access to personal client data is granted only upon client request or approval. Typically, our customer support, development, or marketing teams may access this data.
-
Data Removal Protocols: If a client seeks the removal of their data, the deletion is carried out promptly.
-
Handling Sub-Processors: We ink data processing agreements with every sub-processor or subcontractor we associate with.
-
Third-party Organizations (Sub-processors): Refer to the list of MoreThanDigital sub-processors and subcontractors.
-
Safeguards Pre and Post GDPR Deadline: Most protection measures were in place well before the deadline, indicating our serious commitment to data privacy. We augmented this with enhanced guidelines on sensitive data handling, incident response, and data breach management.
-
Activities by the Data Processor (MoreThanDigital): Any and all actions essential to provide effective customer support and reliable service.
-
Data Subjects: Individuals whose data is shared with MoreThanDigital.
-
Data Categories: Name, Email, Phone number, Address, IP Address, Timestamps, Browser Cookies, and any other data accumulated by clients.
-
Special Data Categories: Currently, there are no special data categories.
-
Cross-border Transfers: Such transfers are restricted to the EU or US territories.
Additional Security Protocols
-
Two-factor Authentication: Enhance your MoreThanDigital account security with 2-Factor Authentication. This requires a code from the Google Authenticator app, ensuring unauthorized users can’t access your account even with the correct password.
-
HTTPS Encryption: All communications, including chats and emails, between your browser and MoreThanDigital are encrypted for security.
-
Credential Protection: We adopt the latest standards to store and safeguard user login details in the cloud.
- DDos Protection: We make sure that our network and services are safe from DDos attacks.
- API and SPAM Protection: Our API is available only for authorized users. Additionally, we have an in-built SPAM filter that continuously refines its capabilities.
Features to Aid with GDPR Compliance
MoreThanDigital offers options to delete Service Data, potentially holding personal data. This includes profiles, companies, images, and attachments. Within MoreThanDigital, Users have different access levels.
-
Ticket and Customer Account Deletion: Open a ticket or go to your Customer Profile to delete your data as specified in our guidelines.
-
Right to Erasure: MoreThanDigital allows the deletion of all personal and customer-sensitive data upon request. Account owners can also request account deletion via email.
-
Automatic Procedures: Accounts that are non-compliant with our policies and guidelines are suspended. If not unsuspended within 60 days, they’re terminated. Termination leads to data removal from our cloud within 30 days. After this, only a 30-day cold backup remains, post which all data is permanently deleted.