The European Union (EU) introduced a landmark regulation called the General Data Protection Regulation (GDPR) on the 25th of May.
The goal of GDPR is to give EU residents drastic improvements to their privacy rights and control over their personal data, and to protect them from privacy breaches and leaks.
Every organisation that handles the personal data of EU residents, markets to them, or tracks them is affected, even if it is not based in Europe. For software companies, which typically sell their products globally, this means the new regulation applies to everyone, no matter where they are based.
There are strong penalties in place for non-compliance: up to €20m or 4% of global annual turnover, whichever is higher.
Making sure we were compliant, and that the personal data of the customers buying our products was treated correctly, whilst continuing to provide a great customer experience, has been an important focus for us over the past few months.
Here are the main concepts of the GDPR:
• Personal data requires lawful processing. This means that you shouldn’t buy email lists where you don’t know how consent was acquired.
• Customers should specify exactly what communications they want to receive. This means that the language explaining how we will contact you needs to be very clear and respect certain rules - leading to fewer unsubscribes and spam reports.
• Customers will have a right to transparency around the collection and processing of their data. This means that you will be able to ask us for the data we store on you, and receive it in a simple format.
• Customers can exercise the right to be forgotten. This means that if you ask us, we will remove all your personal data.
How We Handle Customer Data
We collect customer data during our checkout process for payment processing and order fulfilment purposes. These include name, location, contact details, and billing information.
The personal data provided to us is protected under the GDPR.
We have a legitimate interest in using customer-provided data for product fulfilment, order processing, fraud prevention, and product support.
Data Transfer & Sharing
Rules for transferring data outside of the EU haven’t actually changed under GDPR, and whilst we process data outside of the EU, we do so in a way which is fully compliant with EU law.
We process and store data in the US using infrastructure and data solutions provided by Pair Networks. Pair Networks is certified under the EU-US Privacy Shield, and as such, the transfer and processing is compliant without the need for additional consent.
During our checkout process customer data is securely shared with our payment providers. These providers are both GDPR and PCI DSS compliant. Sharing is necessary to facilitate the payment process. In addition, anonymized data is also shared with a number of GDPR compliant fraud monitoring platforms.
Our platform implements industry best practices for data security, including encryption at rest and in transit, access control, and auditing. Keeping customer data private and secure is extremely important to us at Maxprog.
Cookies & Tracking
We use a small number of GDPR compliant tracking and monitoring platforms. These services use a combination of temporary and long-lived cookies to identify unique user journeys. They are used internally only for platform diagnostics and product improvements.
The data collected is not shared with any outside parties, nor is it used for any activities which would require further GDPR compliance or an opt-out. These cookies are necessary to ensure the reliable operation of our platform.