An overview of how Chameleon complies, what we do to help you become compliant and where you can find more information.
The EU GDPR
The European Union's General Data Protection Regulation (EU GDPR) is one of the biggest changes in regulating data privacy in recent times and came into effect May 25, 2018.
It requires companies to give users control of their data, including options to delete it and to suppress tracking and storage. It creates safeguards for how data is transferred across EU borders and places these requirements on both data stewards and their vendors.
Chameleon's compliance with GDPR
Chameleon is committed to privacy and security and is fully GDPR compliant as of May 25, 2018. We offer the rights associated with this to ALL our users, wherever you are, and not just to EU citizens. This is in line with our principles of best-in-class privacy and security.
To learn more, please review the following documents:
- What data Chameleon collects and why
- Chameleon's security protocols and practices
- How Chameleon provides rights to customers (as a data controller)
- How Chameleon helps customers be GDPR compliant (as a data processor)
- Which data processors Chameleon uses and their compliance status
This is a complex change that touches many aspects of our business, so we ask you to be patient as we manage the changes to ensure compliance. If you have any questions in the meantime, please do not hesitate to ask via the messaging widget below or by emailing us: firstname.lastname@example.org.
Data Retention Policy
GDPR states that personal data processed for any purpose shall not be kept for longer than is necessary for that purpose. After that time, the personal data must be securely deleted or updated and archived.
Chameleon will delete all personal data associated with an organization account (including all individual users) after 1 year (365 days) of non-activity.
Data Breach Policy
GDPR introduces a duty on all organizations to report certain types of personal data breach to the relevant supervisory authority and to individuals, within 72 hours where feasible.
Upon becoming aware of any breach affecting personal data, Chameleon will notify the affected parties and the relevant supervisory authority or authorities.
Data Protection Officer (DPO)
Under the GDPR, organizations must appoint a DPO to monitor internal compliance, inform and advise on their data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority, if:
- they are a public authority (except for courts acting in their judicial capacity);
- their core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
- their core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offenses.
Chameleon does not fall into these categories and is therefore not required to appoint a Data Protection Officer.