GDPR Compliance

Last updated: 02/05/2018

Overview

We know what data we store, we know where it exists, where it is held, how it is managed and who has access to it.

Data Protection Officer

Mike Brear is responsible for staff training, quarterly internal audits and notifying our EU GDPR supervisory authority within 72 hours in the unlikely event of a data breach. You can contact Mike on mike@signupanywhere.com if you have any questions relating to GDPR.

Security & Infrastructure

All SignUpAnywhere data is encrypted over HTTPS with an industry-standard 2048 bit SSL certificate. Respondent data is encrypted as it is sent to the server, and then encrypted when accessed, so it can’t be intercepted (e.g. over insecure WiFi). Data deleted from your account will be removed from the system and, for the sake of privacy and security, is unrecoverable.

Our servers are located in high-security ISO 27001 and ISO 9001 compliant data centers in the UK and Ireland. The facilities have state-of-the-art cooling, power, security and network capabilities. We go to great lengths to ensure that your data is secure. All databases are password protected and firewalled to prevent outside access, and our servers are regularly security patched to minimise the risk of intrusion.

We take data security very seriously and our security policy has been developed by our team to align with ISO 27001.

We use Stripe as our payment provider and their ongoing commitment to compliance with European data protection laws is outlined on their website.

Your Responsibility

SignUpAnywhere is a tool for capturing personal data. It's up to you to use your forms in a GDPR-compliant way.

To start, you will need a legal basis for processing data.

The legal basis will usually be "Consent". You will therefore need to include an opt-in checkbox and disclaimer on your forms.

SignUpAnywhere customers on the Business and Basic plans can add disclaimer text with a required opt-in checkbox to the bottom of their forms. These features can be found in the Options tab of the form customization process.

Business plan customers can add multiple checkboxes with disclaimer text and make them optional or required. This feature can be found in the Form Fields tab of the form customization process.

Please also keep in mind that you are in complete control of the data you collect. You can download and/or delete the data at any time.