Fernand is committed to privacy, security, compliance, and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”), which becomes enforceable on May 25, 2018.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
One way in which the personal data of an EU citizen could be collected when using Fernand is when you build a database of contacts, their information, and business dealings with them (i.e. a CRM system).
Not all customers will be “data subjects”, as data subjects are only individuals. Some of your customers may be businesses or government organizations, to which the GDPR does not apply to.
Yes, Fernand is fully compliant with the GDPR. This document outlines all the provisions we took to make sure we are complying fully with the regulation.
Registration and Contact Information. We collect information about you when you (a) register to use the Services and (b) otherwise provide contact information to us via email, mail, or through our Service. The information you provide may include your username, first and last name, and email address.
Payment Information. When you purchase the Services, we will also collect transaction information, which may include your company name, company VAT (when applicable), credit card information, billing, and mailing address.
Third-Party Platforms. We may collect information when you interact with our service on third-party sites or platforms, such as analytics sites. This may include information such as actions or the fact that you viewed or interacted with our content.
We take data protection and security very seriously at Fernand. We constantly monitor for security flaws and unauthorized access and we will take action immediately if something suspicious is been detected. In an unlikely case of a data breach, we will notify all of our customers within 72 hours after the breach was detected.
Some of the preventive measures we take include:
All individual rights regarding GDPR will be enforced by our Fernand team. If you want to exercise your GDPR rights, you can reach out to us with your request using our support email address: firstname.lastname@example.org
Those rights include:
We act as a data processor for our customers (see “Information we hold”) which means we need to provide a signed Data Processing Agreement on request. If you are a customer (paid user) of Fernand and you need the DPA, please contact us via email and we’ll send it to you.
We also requested and signed DPAs from each of our sub-processors and made sure they are GDPR compliant.
Contact us now and we’ll be happy to answer.