Information on the European Union’s General Data Protection Regulation (GDPR)

Last updated May 5, 2018

This information applies to EU citizens.

On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) takes effect. GDPR regulates the governance of personal data for European Union (EU) citizens with an emphasis on information security and data privacy.

The GDPR does not only apply to companies that operate in the EU. It also impacts companies operating outside of the EU, like Dovetail, if they have any EU customers or personal data of anyone in the EU.

Dovetail has made information security and data privacy foundational principles of everything we do, and we recognize the importance of adhering to regulations to advance information security and data privacy for citizens of the EU.

The Privacy Act and the GDPR

As an Australian-based business, our information security and data privacy practices and policies are already guided by Australian law, namely the Australian Privacy Act 1988 (Cth) (Privacy Act).

The GDPR and the Privacy Act include some similar requirements. Both laws foster transparent information handling practices and business accountability, to give individuals confidence that their privacy is being protected. Both laws require businesses to implement measures that ensure compliance with a set of privacy principles, and both take a ‘privacy by design’ approach to compliance.

Our changes

Dovetail is a new product built on a modern technical infrastructure. We have adopted a ‘privacy by design’ architecture in how we handle personal information and customer data from the beginning, following the guidelines set out in the Privacy Act.

However, the GDPR includes new guidelines not covered by the Privacy Act, and we have made some changes accordingly.

Policy changes

We have split our privacy policy into two separate policies. The new Website Visitor Privacy Policy concerns anonymous website visitors, while the User Privacy Policy concerns logged in, identified users.

We have updated the structure and language used in these policies to more clearly communicate what information we collect, what we use it for, who we share it with, and what your rights are. We have also added a table of our third party Data Subprocessors, including information on what we use them for and where they are located.

Functional changes

We have implemented explicit consent for our User Terms of Service and User Privacy Policy, which all new users will need to agree to before using Dovetail. Users can choose not to consent, or revoke consent at any time, however this will mean they will no longer be able to use Dovetail as our system relies on us collecting and storing information like your email address and cookies for you to be able to log in.

We have improved our data export features for better data portability and streamlined our deletion process to make it easier for users to delete their account and remove all of their personal information by contacting us.

Managing your personal information

Right of access

The ‘right of access’ allows you to request confirmation as to whether or not your personal data is being processed, along with access to the personal data. Email your request to

Right to rectification

The ‘right to recification’ allows you to update any incorrect personal information. You may do this in Dovetail through your profile.

Right to erasure

The ‘right to erasure’ allows you to obtain the erasure of your personal data, under certain circumstances as laid out in Article 17. If you would like us to delete your account and personal information, email your request to

Right to data portability

The ‘right to data portability’ allows you to receive your personal information in a “structured, commonly used and machine-readable format”. If you would like a copy of your personal information, email your request to


The following resources might prove useful:

Contact us

If you have any questions, please email us at

Made in Australia by 🐨Auzzies and 🥝Kiwis

© Dovetail Research Pty. Ltd.

ABN: 84 615 270 025