The EU General Data Protection Regulation (GDPR) came into effect on May 25, 2018. SubsNinja meets all GDPR requirement for adequate data protection and storage.
SubsNinja uses third party subprocessors, such as cloud computing providers and regulated payment gateway providers, to provide our services. We enter into GDPR-compliant data processing agreements with each subprocessor and require the same of them.
Does GDPR affect me?
If you’re a club located in the EU then GDPR is a concern for you! You may be a Controller of personal data under GDPR law, so you will need to enter into GDPR-compliant data processing agreements with any online services and third-party vendors you rely on to process personal data, including SubsNinja.
How we help you stay GDPR compliant
(a) We provide a generic GDPR-compliant data processing agreement/contract signed by us that you can use to ensure you have a document that precludes us from using the personal data of your members for any other reason than providing service to you.
(b) We keep you GDPR compliant in respect to your GDPR responsilities to members in the following areas:-
- Right of Access: allowing your members to view their personal data held by you
- Right to correction: allowing your members to maintain their personal data
- Right to Erasure: allowing your members to delete their personal data
- Right to Portability: allowing your members to download their data