Is Malcolm! GDPR compliant?
What is GDPR?
"GDPR" refers to The General Data Protection Regulation 2016/679. This is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
How does it apply to Malcolm?
Malcolm! collects, stores and processes data about our own customers - people signing up to Malcolm! and creating and managing instances. We may also - via Workflows - collect, store, process and transfer data about your customers.
When talking about GDPR it is important to understand the concept of the Data Controller and the Data Processor.
- The Data Controller determines the purposes for which and the means by which personal data is processed.
- The Data Processor processes personal data only on behalf of the controller.
Is Malcolm! the Data Controller or the Data Processor?
In the context of information about our own customers, e.g. people who sign up for Malcolm! accounts and manage Instances, we are the Data Controller.
In the context of information about your customers, e.g. information that is collected on your behalf via Workflows you create in Malcolm!, we are the Data Processor only. You, as the Data Controller, have the obligation to ensure you are acting lawfully in accordance with the GDPR legislation.
What does all this mean?
When you sign up to Malcolm!, you agree to our Terms of Service and our Privacy Policy, which detail how we handle your data. By agreeing, you give us your consent.
It is important that when you collect, store, process and potentially transfer (via Integrations or Exports) data from your own customers via a Malcolm! Workflow, you have your customers' consent to do this. Most companies handle this via provisions in their Privacy Policy and/or Terms and Conditions around data processing, which their customers agree to. It is therefore good practice to include a check box in your Workflows that reminds customers of your Privacy Policy and their continuing agreement to it and/or confirms their consent for you to collect and process their information.
Further Questions
If you have further questions about GDPR or wish to contact our Data Protection Officer you can contact us here.