What is GDPR?
On May 25, 2018, the General Data Protection Regulation, abbreviated as the GDPR, will be enacted. This law will establish general rules regarding data protection in the European Union for international companies that process personal data of EU citizens. The main goal of the law is to give users the opportunity to learn about their data, which is stored by the company, and if the user wants to, manage it.
GDPR & Smartcat
Smartcat is very serious about storing the personal data of its customers, and protecting this information. In fact, we’ve always been, and after the enactment of the new law, that’s not going to change.
You can still control the visibility of your profile to search engines and within Smartcat’s Marketplace. If you decide to stop using Smartcat, we will, at your request, delete your account and all associated information, including files, payment history, etc. You may delete the personal data you’ve added to your freelancer profile or corporate profile, such as your name, photo and phone number, by yourself at any time.
Smartcat employees who have access to your data are thoroughly checked by our security team and can only use your data as part of their work. In addition, access is limited by authorization procedures and infrastructure, which does not allow employees with insufficient rights to access information.
Your data is stored in data centers with the strongest, strictest security level, Tier IV. This is a much higher level of protection than conventional office servers provide (Learn more about Smartcat security measures).
We do not share any user information we have with third parties. Your data is stored on one of three servers located in Europe, the US or Asia and does not go outside of them. When you sign up with Smartcat, your information will go to one of the three servers, depending on the region in which you are located.
In the terminology of the GDPR, Smartcat is a “data controller”, because we collect and use information about our users. We carefully select partners to help process our payment orders, and enter into agreements with them that detail points concerning the safety of user data. Smartcat does not store your bank card details; they are stored on our payment partner’s side, which has all the necessary infrastructure to ensure the safe storage of this type of information, which is confirmed by the availability of a PCI DSS certificate.
Preparation of Smartcat for GDPR
We are carefully preparing for the coming into effect of the GDPR, namely:
- We are working on a new user agreement text; we will let you know about any changes.
- We are working to automate handling of any situation of deleting or exporting data to easily execute it upon your request.
- We are checking partners for compliance with GDPR statutes regarding data storage and management and signing corresponding agreements with them.
- We are increasing the culture of security within our company. Even employees who do not have access to users’ personal data will need to become familiar with our basic security policies.
Any new solutions we design will take into account the new requirements for data security. At the same time, we are looking for the latest solutions in the field of data protection, and will apply them to our processes, infrastructure solutions and partner selection.