GDPR How Clerk.io complies with the EU General Data Protection Regulation Hans-Kristian Bjerregaard
Handling personal data requests
We have made it super easy for both marketeers and developers to handle requests about personal info or requests to be forgotten.
Personal data information requests
Requests to be forgotten
By forgetting a customer we will remove any personal data we have on this data subject while still preserving all non-personal data. You can forget a customer by simply clicking Forget Customer on the bottom of the customers profile or using our Privacy Forget API.
Due to backup and security measures it can take up to 30 days before all personal data is purged from our platform. If we at anytime need to use such a backup to recover lost data personal data will be restored. In such a case you will be informed and will have to re-issue all Forget Requests issued in the last 30 days.
What personal data is collected by Clerk.io
As a data controller you are fully responsible for informing your data subjects about how their personal data is being used and for using Clerk.io in a such complient manner.
Clerk.io can be fully configured to only collect the personal data you want but by default we collect the following:
The pages you visit.
The content you see via Clerk.io.
The clicks on content via Clerk.io.
The products in the orders you placed (if any).
Your email address, but only if the store explicitly enables it and you give an explicit content to the store processing your e-mail for e.g. marketing purposes.
Visitor data is stored between 1-12 months depending on your visits' frequency and length and the need for legal documentation of compliance with the GDPR.
How we handle personal data
Clerk.io has been built from the beginning with privacy and security in mind as we do already do the following:
All personal data is stored and processed in Germany.
Any personal data is stored in isolated databases to enhance data separation between our customers.
We ensure that any of our service providers that can get into contact with personal data keeps this data within the EU.
We conduct routine vulnerability scans and penetration tests of our entire platform.
We ensure and monitor that our employees only have access to Personal Data when it's needed to perform their job.
In anticipation of GDPR, Clerk.io has added the following features before May 25, 2018:
We added a standard Data Processing Agreement.
We have enabled the ability to remove all of a users personal information both via our API and UI.
We have gotten a third party GDPR certification both as Data Controller and Data Processor.