GDPR

In 2012, the European Commission began a process to reform Europe's existing data protection laws by proposing a new data protection regulation to replace the current Data Protection Directive. GDPR was agreed and adopted in 2016 and came into effect on 25 May 2018.
GDPR aims to make data protection regulations more relevant, comprehensive and unified.
GDPR is a significant change but opens the opportunity for companies and organizations to audit their current data processing and storage actions and to ensure their customers are adequately protected.
For customers, it brings demonstrated compliance, enhanced rights and privacy of data by design. One major enhanced right is the right to obtain and reuse personal data across multiple services, as well as the right of deletion of personal data.


How does Couchdrop align with GDPR?

As Couchdrop handles sensitive, personal and company data, Couchdrop and the team take GDPR and other security compliance and processes seriously. Couchdrop understands that, given the sensitive nature of data, its transfer and storage rely not only on maintaining relevancy in both security principles and governance, but also on building trust with its customers to ensure peace of mind.
Couchdrop has ensured the following is in place to align the company and its processes with GDPR:
  • Updated Privacy Notice and Terms and Conditions to be GDPR compliant, as well as more concise and transparent about how we process personal data.
  • Staff education on the Couchdrop infrastructure and processes, to ensure all staff understand GDPR, are compliant and can raise a risk or concern should one be identified.
  • Data breach alerting: Couchdrop has a rapid response email and announcement prepared in line with GDPR, so that in the rare chance a breach is noted, communications can be sent out quickly.
  • Infrastructure and internal processes now fall in line with GDPR.
  • The way Couchdrop handles and stores data falls in line with GDPR and Safe Harbor data protection means.
Couchdrop will not stop at the above. The team at Couchdrop will continue to modify its processes, keep you updated and remain relevant across the security governance spectrum to continue to meet your needs and those of the wider world.

Frequently Asked Questions

Where does Couchdrop store customer data?
As Couchdrop is a SaaS provider, Couchdrop uses Amazon Web Services as its compute engine, as well as S3 storage for those who choose to use Couchdrop as their Hosted Storage option. Should you choose a third-party cloud storage provider, Couchdrop does not maintain or hold GDPR responsibility for data stored there. For more information on AWS's approach to GDPR, see https://aws.amazon.com/compliance/gdpr-center/
When transferring data with a Couchdrop service such as Move, Cloud SFTP or another means of Couchdrop transport, all data is processed in memory and overwritten at regular intervals as new data is processed. Therefore, unless you have chosen to store data within Couchdrop Hosted Storage, no data processed by Couchdrop is physically stored and the only remaining evidence is metadata that can be located within the audit log of your my.couchdrop.io portal.
Will Couchdrop be storing EU customer data in the EU?
Couchdrop has no intention, in the interim, of storing data in the EU, and this isn't required under GDPR. Instead, GDPR requires companies to implement appropriate safeguards when they export personal data out of the EU.
Couchdrop ensures that it complies with EU data export restrictions when it exports data outside of the EU.
However, should a customer be large enough to justify establishing an EU presence, or should there be enough demand, Couchdrop will consider standing up an EU presence.
How will Couchdrop comply with EU data export restrictions?
When personal data is hosted or processed outside of the European Union Area by Couchdrop, GDPR requires that it remains protected by appropriate safeguards in line with EU law.
Our EU customers' data is processed in the United States of America. The United States is recognized by the EU as an 'adequate' country (i.e. safe country) to receive and process EU personal data, pursuant to European Commission Decision 2013/65/EU. Couchdrop additionally ensures that the "appropriate safeguards" prescribed by GDPR are in place, i.e., by entering the European Commission's Standard Contractual Clauses with the entity the data is transferred to, or by ensuring the entity is Privacy Shield certified (for transfers to US based entities).
Is Couchdrop signed up to Privacy Shield?
Couchdrop is a New Zealand-headquartered company, with an infrastructure presence in the United States of America – we are not a US-headquartered company. Privacy Shield is only one of a few available mechanisms to transfer data outside of the EU, and certification against the Privacy Shield is not a legal requirement. We otherwise rely on a combination of options to ensure that Couchdrop and its data maintain compliance with EU data export rules.
Do you have a GDPR compliant Data Processing Agreement/Addendum for us to sign?
The Couchdrop Data Processing Addendum can be found at https://couchdrop.io/privacy/gdpr/gdpr-data-processing-addendum. You don't need to sign it - it automatically applies as part of the Couchdrop Terms and Conditions whenever it is relevant to your use of Couchdrop's services and solutions.

Couchdrop Third Parties

Couchdrop uses a range of third parties to help us provide you with a great service and to assist us with communication, infrastructure and understanding your needs better. See below for a list of third parties that Couchdrop uses.
| Product | Purpose | Location |
|---|---|---|
| Amazon Web Services | Cloud Infrastructure Service Provider | United States |
| Stripe | Billing and Payment provider | United States |
| Mailchimp | Electronic Direct Mail and Campaign manager | United States |
| HubSpot | CRM | United States |
| Google Analytics | SEO and Web analyzing and data reporting tool | United States |
| Zendesk | Ticket and Incident Management tool | United States |
| Zapier | Third party integrator tool for business processes | United States |
| Digital Ocean | Third party hosting provider | United States |
| Cluvio | Third party Analytics and Reporting | United States |