< Back to Overview

MoreThanDigital’s GDPR Compliance

Last updated 02.06.2026

 

MoreThanDigital is dedicated to ensuring privacy, security, compliance, and transparency. Our commitment includes assisting our clients in adhering to EU data protection stipulations, especially those outlined in the General Data Protection Regulation (GDPR), effective from May 25th, 2018.

Understanding GDPR

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a directive by the European Parliament, the European Council, and the European Commission to bolster and standardize data protection for all individuals within the European Union (EU).

GDPR’s Scope

When using MoreThanDigital Services, one means through which an EU citizen’s personal data might be acquired is when you establish a database with contact details and business interactions (akin to a CRM system). However, not all clients are “data subjects.” Only individuals fall under this category, whereas entities like businesses or government agencies are excluded from GDPR.

Is MoreThanDigital GDPR Compliant?

Absolutely, MoreThanDigital has been fully compliant with GDPR since May 2018.

GDPR-Related Queries

  • Internal Compliance Measures: We have a designated Data Protection Officer and documented internal compliance procedures. For any GDPR-related questions, reach out to us via .

  • Verification of Compliance: For formal confirmation, provide us your data processing agreement template, and we’ll revert with the duly filled and signed document.

  • Sensitive Data Storage and Breach Protocols: All sensitive data is securely stored with restricted access. In case of a breach, we promptly notify the affected parties, our Data Protection Officer, and local authorities, in line with our GDPR procedures.

  • Data Retention: We retain client data only during the period of our service usage or until a deletion request is made.

  • Data Storage Location: The data of our EU clients is stored in European data centres (Germany and Finland) on dedicated infrastructure operated by Hetzner. We do not host user account data outside the European Union.

  • Data Access: Access to personal client data is granted only upon client request or approval. Typically, our customer support, development, or marketing teams may access this data.

  • Data Removal Protocols: If a client seeks the removal of their data, the deletion is carried out promptly.

  • Handling Sub-Processors: We ink data processing agreements with every sub-processor or subcontractor we associate with.

  • Third-party Organizations (Sub-processors): Refer to the list of MoreThanDigital sub-processors and subcontractors.

  • Safeguards Pre and Post GDPR Deadline: Most protection measures were in place well before the deadline, indicating our serious commitment to data privacy. We augmented this with enhanced guidelines on sensitive data handling, incident response, and data breach management.

  • Activities by the Data Processor (MoreThanDigital): Any and all actions essential to provide effective customer support and reliable service.

  • Data Subjects: Individuals whose data is shared with MoreThanDigital.

  • Data Categories: Name, Email, Phone number, Address, IP Address, Timestamps, Browser Cookies, and any other data accumulated by clients.

  • Special Data Categories: Currently, there are no special data categories.

  • Cross-border Transfers: User account data is stored in the EU. Limited transfers to the US occur only for email delivery and payment processing, governed by Standard Contractual Clauses.

Additional Security Protocols

  • Two-factor Authentication: Enhance your MoreThanDigital account security with 2-Factor Authentication. This requires a code from the Google Authenticator app, ensuring unauthorized users can’t access your account even with the correct password.

  • HTTPS Encryption: All communications, including chats and emails, between your browser and MoreThanDigital are encrypted for security.

  • Credential Protection: We adopt the latest standards to store and safeguard user login details in the cloud.

  • DDos Protection: We make sure that our network and services are safe from DDos attacks.
  • API and SPAM Protection: Our API is available only for authorized users. Additionally, we have an in-built SPAM filter that continuously refines its capabilities.

Features to Aid with GDPR Compliance

MoreThanDigital offers options to delete Service Data, potentially holding personal data. This includes profiles, companies, images, and attachments. Within MoreThanDigital, Users have different access levels.

  • Ticket and Customer Account Deletion: Open a ticket or go to your Customer Profile to delete your data as specified in our guidelines.

  • Right to Erasure: MoreThanDigital allows the deletion of all personal and customer-sensitive data upon request. Account owners can also request account deletion via email.

  • Automatic Procedures: Accounts that are non-compliant with our policies and guidelines are suspended. If not unsuspended within 60 days, they’re terminated. Termination leads to data removal from our cloud within 30 days. After this, only a 30-day cold backup remains, post which all data is permanently deleted.