PushPress is committed to data protection. Below is a guide to the European privacy and data protection changes. This is not legal advice. Please consult your own legal counsel to familiarize yourself with the requirements that govern your own specific situation.
The EU General Data Protection Regulation (GDPR) is a new comprehensive data protection law designed to strengthen and unify data protection for individuals within the EU, essentially giving EU residents and citizens more control of their personal data. The GDPR takes effect on May 25, 2018.
Any organization with a presence in an EU country or any company that processes personal data of EU residents and citizens will be impacted by this regulation.
PushPress stores all data in servers and backup servers located in the United States.
Yes. The GDPR stipulates that a person has a right to the erasure of personal data. As the data controller, it is ultimately your responsibility to determine whether to honor a request to be forgotten. You will be responsible for approving or denying every erasure request submitted for your business.
Yes. The GDPR stipulates that a person has the right to a copy of their personal data. With PushPress, a customer has full access to their personal profile and can update, change or delete information at any time.
Consumer data will be retained as long as is deemed necessary unless the Right to be Forgotten (the right of individuals to have their personal data erased) is requested by the business or the end user.
Yes, we have an internal, documented Incident Response Plan. Externally, we will be updating our Terms of Service to include a more detailed description of our notification obligations in the event of a data breach.
As a customer (‘data controller’ under GDPR terminology), you are responsible for ensuring compliance with the key requirements of the GDPR. This includes notifying individuals of how you handle their personal information, obtaining their consent where appropriate, addressing their requests for access to their information, etc. PushPress will provide you with assistance in meeting those requirements where possible and necessary. However, please note that you remain ultimately responsible for compliance with these requirements.
Operational/Transactional Emails: Emails that are considered operational or transactional will be sent regardless of whether a client has opted out of communication preferences. These emails are sent in response to a customer’s interaction with a website or app and are defined in strictly functional terms. Examples include password resets, shipping notifications, receipts, legal notices, appointment reminders & confirmations, etc. Opt-In is not required for these types of emails.