Strikingly's GDPR Compliance Statement

 

What is GDPR?

The General Data Protection Regulation (GDPR) is a new European privacy regulation that will replace the current EU Data Protection Directive (Directive 95/46/EC). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.

 

Why is GDPR important?

The GDPR has the potential to impact any business that collects data in or from Europe. One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. If you collect, change, transmit, erase, or otherwise use or store the personal data of EU citizens, you’ll need to comply with the GDPR.

If you are a website owner and collect personal data via web forms, especially from people who live in the European Union, you'll need to make your website compliant with this regulation, come on May 25, 2018. It is also important that you update your site's Privacy Policy to cover all personal information that is being collected through your site.

 

What and who?

The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person. e.g., dates of birth, names, physical addresses, email addresses, and so on.  

  • About Consent

You need to have a legal basis, like consent, to process an EU citizen’s personal data. This consent must be verifiable. It requires a written record of when and how someone agreed to let you process their personal data.

  • About Individual Rights                                                                                           

The GDPR also outlines the rights of individuals around their personal data. EU citizens will have the right to ask for details about the way you use their personal data, and can ask you to do certain things with that data. People have the right to request their personal data be corrected, provided to them, prohibited for certain users, or removed completely.

 

How Does Strikingly Protect Your Data and Comply with GDPR?

Strikingly is dedicated to protecting your data and complying with GDPR policies when it becomes enforceable on May 25, 2018. Our team is working with users around the world to answer their questions and to help them prepare for using Strikingly’s Services when GDPR takes effect.

Our team has reviewed Strikingly’s product features and practices to ensure we support GDPR compliance requirements. This document provides a description of our practices and policies.

1. User Information

  • Strikingly contracts security consultants to ensure the security of our user information. They perform regular security audits and infiltration testing to maintain our ISO/PCI security certifications. Any issues that are reported to our security team or raised during security audits are resolved as soon as possible.
  • Strikingly encrypts databases containing sensitive information, according to PCI standards, to add additional protection of personally identifiable information. Our encryption methods render this information unreadable without a cryptographic key. 
  • Strikingly has a multiple-layer security architecture to help protect against 0-day security issues.
  • Strikingly's signup, login, and payment services are completed through a secure server. The information provided to Strikingly in the signup process is secured via HTTPS/ SSL communication.
  • Strikingly uses cryptography hash functions to protect users’ information. User’s password is stored as a hash digest and, in the event of a security breach, their original password cannot be recovered from our servers.  

2. Data Security

  • Strikingly has documented and implemented internal mechanisms for limiting the processing of personal data to only certain specified uses relating to Strikingly’s products and services.
  • Strikingly only discloses Service Data to third parties where disclosures are necessary to provide the services or as required to respond to lawful requests from public authorities.
  • Strikingly uses multiple data centers to guarantee a secure and highly available service at scale.

3. Transparent Terms 

Strikingly makes Terms & Conditions, and Privacy Policy clear and transparent to our users.

4. Data Processing

Strikingly publishes Data Processing Agreement (DPA), to address how we process data on users' behalf.

5. Internal Protocol

  • We continuously train employees on best security practices, including how to identify social engineering, phishing scams, and hackers.
  • Employees on teams that have access to customer data (such as tech support and our engineers) undergo criminal history and credit background checks before employment.
  • All employees sign a Privacy Safeguard Agreement outlining their responsibility in protecting customer data.
  • When a Strikingly employee leaves the company, we follow a strict checklist to ensure that all of their server access permissions are revoked.

6. Data Access Rights

  • Request to view data: Strikingly provides users the right to access their data, check what data we have collected, and choose their data to be forgotten.
  • Request to delete data: Strikingly provides data subjects with the right to delete data if the continued processing is not justified. For example, users may need to delete their customers' and site visitors' personal data to comply with GDPR obligations. Users may also delete their accounts, which will permanently remove relevant data from our servers.

 

What Third-Party Data Services Does Strikingly Use?

As a website editor and hosting service, we collect data to better serve your needs and continuously improve our product. In the Strikingly dashboard and editor, we log user event data to Mixpanel. This data is anonymized and contains no Personally Identifiable Information (PII). On published Strikingly websites, we log data to Google Analytics and Keen.io to record site visit data. This data is anonymized and contains no Personally Identifiable Information (PII).

To view more detailed information about the data we collect, please see our Privacy Policy.

 

How Do I Make My Strikingly Websites Compliant?

If your website is targeting users in the European Union, you should enable GDPR for your own sites. Visit the following link to learn how.

 

Resources

Regulators within the European Union provide specific guidance on GDPR policies. You can view their documentation here to learn more:

 

In case you need assistance, shoot us a line at support@strikingly.com or chat with us.

Have more questions? Submit a request