GDPR (General Data Protection Regulation) is the European Union’s new regulation on data protection and privacy for all individuals within EU, came into effect on May 25, 2018. This article gives information about Awesome Table compliance with GDPR and the answers to your key questions during your review of Awesome Table as your Data Processor.
Awesome Gapps (your service provider - the creator of Awesome Table) is committed to respecting your privacy and your customers privacy by complying to GDPR policy. Awesome Table (the service), a cloud-based application software (web app) that displays the data provided by a data source (for example, from Google Sheets) in a customizable view, which can be embedded into any web site, would be considered a Data Processor. Data Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller (you).
Awesome Table’s commitment to GDPR.
Here are the key information (as FAQ) of our commitment to GDPR compliance, safety/protection of your data, and features that may support the compliance of our customers. You may want to consult these while reviewing or choosing Awesome Table as your Data Processor.
Is Awesome Table GDPR compliant?
Yes. Awesome Table is GDPR compliant as of May 25, 2018.
Does our Data Processing Agreement (DPA) confirm Awesome Table's compliance with the GDPR?
How does Awesome Table comply with the legal requirements for transferring data?
Awesome Table’s Data Processing Agreement (DPA) has been updated to confirm our compliance with the GDPR.
As detailed in the DPA, the application of lawful data transfer mechanisms for our customers who wish to transfer personal data to Third Countries (outside the EEA) in accordance with Article 45 or 46 of the GDPR, relies on entering into Standard Contractual Clauses or offer any alternative transfer solution if requested (for example, the EU-U.S. Privacy Shield).
Where is Awesome Table’s data stored?
Awesome Table is built over and run entirely on Google Cloud environment. All data are stored and hosted on Google servers. The data is never stored or transferred to any entity other than Google’s.
Do you have a Data Protection Officer (DPO)?
Yes, we do. Since our core activities consist of processing which requires regular and systematic monitoring of individuals on a large scale. Our Data Protection Officer (DPO) is a core member of the Security Review Board.
What data controls do you have in place?
Awesome Table, as a cloud-based application software (web app), requires you to log in with your Google account credentials to use it to create views.
The authentication entirely relies on Google’s authentication services to allow you to log in. Awesome Table does NOT have access to your Google account or your password at any time.
The first time you use Awesome Table to create views, it requests your authorization to access certain services in your Google account and to act on your behalf. Awesome Table requests the permissions that are absolutely necessary to offer its functionality to you. The authorization you grant is limited to the functionality of the service. Awesome Table neither propagates these permissions nor allows access to your files/folders to anyone (including the Awesome Table Support team) automatically.
Who can access my data, under what circumstances, and what can they see? Is this access tracked?
Only you have access to your data or your customers' data (Data Subjects) at any point in time, except for only one instance where you will explicitly grant access to your files (view & Google Sheets datasource) when you seek any technical assistance from the Awesome Table Support team.
Do you have a security breach notification process in place?
Yes. As detailed in our Data Processing Agreement (DPA), in the event of a data incident, we will notify the affected customers promptly and without undue delay and take reasonable steps to minimize harm and secure customer data. The notification will be delivered to the notification email address of the customers. Please note that you (the customer) are solely responsible for ensuring that the notification email address is current and valid.
What risk management processes do you have in place?
Our risk management processes include a robust monitoring system (Google Stackdriver) and an active monitoring by our Security Review Board. Our practices are governed by our Incident Response Policy (which was enforced on November 1, 2017).
If an issue is detected by the monitoring system (our Security Review Board), or by notifications from our service provider (like Google Firebase), the severity of the incident is immediately assessed and directly reported to the Developers team.
The Incident Response Plan includes reporting any major impact incidents and the measures in our Awesome Table status page: https://support.awesome-table.com/hc/en-us/articles/115005641789. In case of incidents impacting a small number of specific customers, they will be contacted privately.
Regardless of the incident severity level, customer support tickets sent to firstname.lastname@example.org that are related to the incident will be updated with the incident status.
Do you currently adhere to Binding Corporate Rules (BCR)?
What third party organisations do you work with that may also have access to the data we share with you?
Do you provide offer any legal advice or guidance for Awesome Table customers (Data Controllers)?
No. We do not and cannot offer any legal advice or guidance on what actions and how you (a Data Controller) may need to take to comply with the GDPR. However, please be ensured that we are committed to provide you with the tool that may help you comply with the regulations.
We have a series of detailed articles covering Awesome Table’s data security and confidentiality. We encourage you to reference these articles as it will provide explanations of what, why and how your data is processed by Awesome Table:
- [DATA ACCESS] What permissions are needed so I can use Awesome Table?
- [DATA PROCESSING] How are my data visualizations (views) created?
- [DATA STORAGE] What data are stored by Awesome Table and how are they used?
- [DATA ACCESS] Do I need to share my Google Sheets datasource and Awesome Table view to the Support team?
- [DATA DELETION] How can I have my data deleted from Awesome Table?