GDPR Commitment

The GDPR is a new EU privacy law that comes into effect on May 25, 2018.
It's intended to strengthen and standardize the privacy of EU residents.

Who does it apply to?

The GDPR not only applies to organizations located within the EU but also applies to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects.

It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

What does GDPR regulate?

The GDPR regulates the processing of a data subject’s personal data in the European Union including its collection, storage, and transfer or use.

The GDPR gives data subjects more rights and control over their data by regulating how organizations should handle and store any personal data they collect.

The personal information defined by GDPR includes basic information (name, address, etc.), web information (location, IP address, cookie data, RFID tag, etc.), health/genetic information, biometric information, racial/ethnic information, political opinion, and sexual orientation.

What has Beusable done about the GDPR?

We value our customers' (and their customers') rights to privacy. In compliance with the GDPR,
we are preparing the following new features and services.

  • Appoint a Data Protection Officer
    COMPLETE
  • Obfuscation and deletion of collected end-user IP information
    COMPLETE
  • Develop Opt-Out feature: Feature that does not collect data of users when opted out
    IN PROGRESS
  • Opt-Out is a method of collecting personal information until the parties explicitly deny the collection of personal information
    IN PROGRESS
  • Provide Data Processing Agreement following the GDPR
    IN PROGRESS

What happens if we don't comply with the GDPR?

In the event of a serious breach, you can be subject to administrative fines up to €20 Million, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year (whichever is larger).

In the event of a general offense, you can be subject to administrative fines up to €10 Million, or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year (whichever is larger). In addition, the authority to determine whether penalties are imposed, and which ones, shall be given to Member State supervisory bodies.

Do we need to appoint a Data Protection Officer?

A Data Protection Officer must be appointed in the case of:
(a) public authorities,
(b) entities that engage in large scale systematic monitoring, or
(c) entities that engage in large scale processing of sensitive personal data.

If you don’t fall into one of these categories, then you do not need to appoint a Data Protection Officer (although this is highly advisable).

Our company uses Beusable, what should we do as a controller?

When using Beusable, the following obligations apply to data controllers who are handling personal information of users in the European Union (EU).

Since Beusable collects and stores cookies and IP information, you must obtain the legitimate consent of the end-user to use it.

- Must have a signed record from the end-user.
- Must provide clear instructions to the end-user about withdrawing consent.
- Must provide end-users with easily accessible information about their personal data.

*What is a controller?
'Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

As a Data Controller, do I have to sign a Data Processing Agreement with Beusable?

If you are an entity based in the EU or collect data from data subjects in the EU, you should sign a Data Processing Agreement with Beusable.
Currently, we are working on a Data Processing Agreement intended to cover all terms as required under the GDPR.