The General Data Protection Regulation (“GDPR”) is a comprehensive EU data protection law, which goes into effect on May 25, 2018. The GDPR expands the privacy rights of EU individuals, and places heightened obligations on companies that process EU personal data in the context of providing goods or services to those individuals.
For more details, check out this Guide to the GDPR published by the UK Information Commissioner’s Office.
Companies within the EU, or who process the personal data of EU residents in the context of providing goods or services, will need to comply with GDPR. As a AcademyOcean client collecting data via our Software-as-a-Service (SaaS) solutions, you are likely a data controller under the GDPR.
Clients will need to evaluate their obligations under the GDPR, in part, based on: (1) the type of client data that you collect via AcademyOcean SaaS solutions, and (2) the legal basis on which you rely for the collection of this client data.
AcademyOcean serves as the data processor for the data you collect via our SaaS solutions, as further described in this GDPR FAQ. For some limited data types (e.g. your login data), AcademyOcean is the data controller.
Are there certain types of data that cannot be collected and processed via AcademyOcean’s solutions?
Yes. AcademyOcean are not intended for processing data that could be legally considered sensitive in any applicable jurisdiction (e.g. government-issued identification or credit card numbers).
AcademyOcean calls this “Prohibited Data”, and the default configurations of AcademyOcean’s methods do not collect Prohibited Data. AcademyOcean prohibits clients from using its solutions to collect, store, process, or analyze Prohibited Data, and does not accept liability for Prohibited Data.
Please, visit our Security Statement page
From May 25, 2018 AcademyOcean compliance with GDPR.
For more information, please contact us at firstname.lastname@example.org