GDPR - Approval Donkey

​

Approval Donkey has always been dedicated to maintaining the best security for our customers. When the EU’s new GDPR regulations are implemented, we’ll be ready.

​

What you should know

 

GDPR distinguishes between a data controller (who collects and owns the data) and a data processor (who handles the data on behalf of the Controller). Approval Donkey is a data processor. As a customer with Approval Donkey, you are usually the controller. When classified as the data controller, Approval Donkey customers must meet certain obligations, such as notifying or obtaining data subject consent.

​

How Approval Donkey can help

​

As the data processor, Approval Donkey promises to:

• Keep your data safe, secure, and private

• Disclose our sub-processors and monitor their GDPR compliance

• Keep records of compliance and audit logs as required

• Make available tools to handle data subject requests, such as right-to-erasure and right-to-access

• Notify you of a security breach using your account notification contact (in this case your email address)

 

Sub-Processors

​

Approval Donkey utilizes the following Sub-Processors when providing our service:

• Azure Cloud Services – https://www.microsoft.com/en-us/TrustCenter/CloudServices/Azure/GDPR

• Google Cloud Platform Services – https://cloud.google.com/security/gdpr/

• SendGrid Email Services -  

 

Integration Partners

​

You also have the option to enable additional Approval Donkey integrations (either built-in or through our APIs or webhooks). We do NOT directly evaluate or attest to the GDPR qualifications of integration partners. Each customer is responsible for evaluating any third-party before creating or enabling an integration. These include, but are not limited to:

• Xero

• Zapier

​

For questions, feel free to contact us on: info@approvaldonkey.net  

​​

Last updated: May 2019