Approval software data protection
GDPR - Approval Donkey
Approval Donkey has always been dedicated to maintaining the best security for our customers. When the EU’s new GDPR regulations are implemented, we’ll be ready.
What you should know
GDPR distinguishes between a data controller (who collects and owns the data) and a data processor (who handles the data on behalf of the Controller). Approval Donkey is a data processor. As a customer with Approval Donkey, you are usually the controller. When classified as the data controller, Approval Donkey customers must meet certain obligations, such as notifying or obtaining data subject consent.
How Approval Donkey can help
As the data processor, Approval Donkey promises to:
-
Keep your data safe, secure, and private
-
Disclose our sub-processors and monitor their GDPR compliance
-
Keep records of compliance and audit logs as required
-
Make available tools to handle data subject requests, such as right-to-erasure and right-to-access
-
Notify you of a security breach using your account notification contact (in this case your email address)
Sub-Processors
Approval Donkey utilizes the following Sub-Processors when providing our service:
-
Azure Cloud Services – https://www.microsoft.com/en-us/TrustCenter/CloudServices/Azure/GDPR
-
Google Cloud Platform Services – https://cloud.google.com/security/gdpr/
-
SendGrid Email Services - https://sendgrid.com/resource/general-data-protection-regulation-2/
Integration Partners
You also have the option to enable additional Approval Donkey integrations (either built-in or through our APIs or webhooks). We do NOT directly evaluate or attest to the GDPR qualifications of integration partners. Each customer is responsible for evaluating any third-party before creating or enabling an integration. These include, but are not limited to:
-
Xero
-
Zapier
For questions, feel free to contact us on: info@approvaldonkey.net
Last updated: May 2019