GDPR Compliance
The content presented on this page offers insights into the GDPR, as interpreted by Webtronic Labs LLC, as of the date of its publication. We have dedicated considerable effort to understanding the GDPR and strive to provide thoughtful perspectives on its intent and implications. However, the application of the GDPR is highly nuanced, and not all aspects and interpretations are universally agreed upon. Therefore, this content is provided solely for informational purposes and should not be considered as legal advice or a definitive guide on how the GDPR may affect you or your organization. We recommend consulting with a qualified legal professional to discuss the GDPR in the context of your specific circumstances and to ensure compliance. Webtronic Labs LLC makes no warranties, express or implied, regarding the accuracy or completeness of the information provided on this page. The information is provided “as is,” and it is subject to change without notice. This document does not grant any legal rights to any intellectual property associated with any Webtronic Labs LLC product. You may use this information for internal reference purposes only.
What is GDPR?
On May 25, 2018, a significant milestone in European data protection legislation was reached with the implementation of the EU General Data Protection Regulation (GDPR), marking the culmination of 20 years of development. This regulation supersedes the 1995 EU Data Protection Directive and aims to enhance individuals’ rights concerning their personal data while harmonizing data protection laws across Europe, regardless of the data’s processing location. Consequently, numerous organizations that handle the personal data of EU residents are obligated to adhere to the GDPR’s provisions. Given that many of our bot creators are situated within the EU and a considerable portion of users outside the EU are EU residents, we must address these regulatory requirements accordingly.
What has Webtronic Labs LLC done to comply?
Webtronic Labs LLC is a U.S.-based company, yet we serve clients and bot users situated in the EU. Despite lacking any physical presence in the EU, we acknowledge that many of our users are directly impacted by the GDPR and anticipate our compliance to sustain the usage of our product with confidence under the new regulations.
Consequently, we’ve taken steps to meet the GDPR requirements that are applicable to us as processors (and in some cases, subprocessors) of personal data by implementing tailored legal, technical, and organizational measures aimed at addressing data privacy and security concerns:
- We’ve established contractual measures through our Privacy Policies aligned with GDPR requirements, effective from the GDPR enforcement date. All platform users will be prompted to accept these terms before that date.
- We’ve ensured the presence of appropriate contractual measures with each of our data subprocessors, including cloud service and analytics providers.
- We’ve deployed and delineated specific technical and organizational measures to safeguard data privacy and security. Furthermore, we’ve enacted internal protocols and procedures to ensure our compliance with GDPR requirements regarding the storage, processing, and management of personal data.
- We’ve revised our Privacy Policy to incorporate clauses tailored to the EU.
Updated Terms of Use and Privacy Policy
To align with GDPR requirements, we’ve made revisions to our Terms of Use and Privacy Policy. We urge you to carefully review both documents and reach out to us with any inquiries.
FAQ
Common questions
What is personal data?
Any data that pertains to a specific individual, who can be directly or indirectly identified, constitutes personal data. An identifiable person is someone who can be recognized, directly or indirectly, typically by reference to an identifier such as a name, email address, or location. This also encompasses online identifiers like IP addresses, various types of website cookies, and other device identifiers.
Who fulfills the roles of data controllers, processors, and sub-processors?
A data controller is the entity or individual responsible for determining the purposes and methods of processing personal data of EU residents. For instance, Webtronic Labs LLC acts as a data processor, and depending on their role, Webtronic Labs LLC’s clients (bot creators) may serve as controllers or primary processors with respect to personal data subject to GDPR regulations.
The GDPR applies to both data controllers and processors. Controllers gather data from end-users, who are typically EU residents, for clearly defined purposes and with appropriate consent. Data processors offer services to controllers in accordance with the instructions provided by each controller.
Additionally, there is a category known as sub-processors or third-party entities engaged in data processing on behalf of other organizations, who are also responsible for safeguarding personal data as per the GDPR.
Does the GDPR mandate that EU data remain (be hosted/stored) in the EU?
No, the GDPR does not mandate that personal data from the EU must remain within the EU, nor does it significantly alter the landscape for data transfers outside the EU.
Data transfers from the EU to other regions can be validated through various methods, such as:
EU-US Privacy Shield
Model or contractual clauses
Binding Corporate Rules (BCR)
Does the GDPR only pertain to personal data of EU residents?
The GDPR extends beyond solely covering data of EU residents. For instance, data belonging to US residents would also fall under the GDPR if processed by an EU-based entity within the EU.
Does the GDPR extend to territories beyond the EU?
The GDPR can be applicable whenever the personally identifiable information of any EU resident is stored and processed, irrespective of physical location or territory. Additionally, establishments within the EU are bound by the GDPR regardless of the origin of personal data.