Prodsight is compliant with GDPR (General Data Protection Regulation). The GDPR is now the standard for consumer data protection rights.
If you are located in or do business in the European Union (EU), you need to follow new stricter customer data protection rules. Learn more about Prodsight’s compliance and how GDPR affects your organisation.
About GDPR
Starting 25 May, 2018, GDPR will replace the Data Protection Directive, which has been in effect across the European Union (EU) for the past 20 years. The goal of GDPR is the enforcement of a standardised data protection law for the entire EU.
Why GDPR is important
To ensure that the protection of personal data remains a fundamental right for EU citizens, GDPR’s aim is to modernise outdated privacy laws. GDPR has the potential to impact any business that collects data in or from Europe.
If organisations are not GDPR compliant, significant fines of up to €20,000,000 or 4% of global annual turnover, whichever is greater, may be levied on them.
Terms and Privacy Policy
By starting a free trial or signing up as a paying customer you agree to our terms and conditions and privacy policy. These documents outline our approach to personal data processing and are compliant with GDPR.
Your rights
Under the GDPR you have the right to see a full copy of any data we hold about you, and also the right to request that it is fully deleted from our system (although we may be required to keep some records to ensure that you are not contacted in future, or to comply with any legal obligations).
This is also true for the data you hold about your customers within Prodsight - you need to be able to adhere to GDPR requirements too and it is our job to help you do that.
Sub-processors
We use a small selection of trusted 3rd-party data sub-processors to deliver our services.
Infrastructure Sub-processors
| Sub-processor Name | Website | Data Location | Purpose |
| Amazon Web Services | https://aws.amazon.com | EU (Ireland) | Computing and data storage |
| Google Cloud Platform | https://cloud.google.com | EU (Ireland) | Computing and data storage |
| Cyclr Systems Ltd | https://cyclr.com | UK | Data integrations |
Service Sub-processors
| Sub-processor Name | Website | Data Location | Purpose |
| Intercom | https://www.intercom.com | USA | Customer support, communications and analytics |
| Heap Analytics | https://heapanalytics.com | USA | Analytics |
| Google Analytics | https://analytics.google.com | USA | Analytics |
| Stripe | https://www.stripe.com | USA | Payment processing |
| Hubspot | https://www.hubspot.com | USA | Customer relationship management |
| Xero | https://www.xero.com | USA | Billing record keeping |
| Chargebee | https://www.chargebee.com | USA | Billing and Payment processing |
| Hotjar | https://www.hotjar.com | USA | Analytics |
DPA (Data Processing Agreement)
Prodsight makes it easy for our customers to show that they use Prodsight in a GDPR-compliant way. To make it convenient and easy, we provide a DPA (Data Processing Agreement), which is a self-serve and easy-to-execute document pre-signed by Prodsight. It only requires an electronic signature from the user.
Once the DPA is signed by both parties it will then become legally binding. You can provide the DPA to auditors to show that you use Prodsight in a way that demonstrates your data is being processed in a way that meets your GDPR compliance obligation.
Please contact us at [email protected] to request a DPA for signing.