GDPR Compliance

The EU General Data Protection Regulation (GDPR) came into effect on May 25, 2018. SupporterBase is GDPR compliant.

How does the GDPR affect SupporterBase customers?

If you have any EU personal data (such as names, email addresses, phone numbers) in your SupporterBase, you are a Controller of personal data under the GDPR.

SupporterBase Inc. is a data processor

Processing EU personal data must be governed by a GDPR-compliant contract.

We provide a standard Data Processing Agreement (DPA) to extend GDPR privacy principles, rights, and obligations everywhere personal data is processed.

Third party data processors

SupporterBase uses third party subprocessors such as cloud computing services to provide our services.

We enter into GDPR-compliant data processing agreements with each party. Data subprocessors used by SupporterBase are detailed [here|[privacy_and_security.subprocessors]]

SupporterBase further complies with GDPR principles by:

• Providing mechanisms for informed Obtaining consent.
• Allowing supporters to access_and_amend_their_data
• Ensuring supporter data can be erased
• Taking a “privacy by design” approach
• Adhering to applicable_international_data transfer_regulations Using appropriate subprocessors: ie. well-regarded, allow for processing in the EU or are compliant with Privacy Shield etc.
• Entering into standard DPAs with European clients and subprocessors.

Data protection officer

SupporterBase Inc has appointed Rhys Forsyth as its data protection officer. For any enquiries, please contact info@supporterbase.com.