This information applies to EU citizens.
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) takes effect. GDPR regulates the governance of personal data for European Union (EU) citizens with an emphasis on information security and data privacy.
The GDPR does not only apply to companies that operate in the EU. It also impacts companies operating outside of the EU, like Dovetail, if they have any EU customers or personal data of anyone in the EU.
Dovetail has made information security and data privacy foundational principles of everything we do, and we recognize the importance of adhering to regulations to advance information security and data privacy for citizens of the EU.
As an Australian-based business, our information security and data privacy practices and policies are already guided by Australian law, namely the Australian Privacy Act 1988 (Cth) (Privacy Act).
The GDPR and the Privacy Act include some similar requirements. Both laws foster transparent information handling practices and business accountability, to give individuals confidence that their privacy is being protected. Both laws require businesses to implement measures that ensure compliance with a set of privacy principles, and both take a ‘privacy by design’ approach to compliance.
Dovetail is a new product built on a modern technical infrastructure. We have adopted a ‘privacy by design’ architecture in how we handle personal information and customer data from the beginning, following the guidelines set out in the Privacy Act.
However, the GDPR includes new guidelines not covered by the Privacy Act, and we have made some changes accordingly.
We have updated the structure and language used in these policies to more clearly communicate what information we collect, what we use it for, who we share it with, and what your rights are. We have also added a table of our third party Data Subprocessors, including information on what we use them for and where they are located.
We have improved our data export features for better data portability and streamlined our deletion process to make it easier for users to delete their account and remove all of their personal information by contacting us.
The ‘right of access’ allows you to request confirmation as to whether or not your personal data is being processed, along with access to the personal data. Email your request to email@example.com.
The ‘right to recification’ allows you to update any incorrect personal information. You may do this in Dovetail through your profile.
The ‘right to erasure’ allows you to obtain the erasure of your personal data, under certain circumstances as laid out in Article 17. If you would like us to delete your account and personal information, email your request to firstname.lastname@example.org.
The ‘right to data portability’ allows you to receive your personal information in a “structured, commonly used and machine-readable format”. If you would like a copy of your personal information, email your request to email@example.com.
The following resources might prove useful:
If you have any questions, please email us at firstname.lastname@example.org.