No matter what sector or line of business you’re in, it’s important to be aware of and understand the General Data Protection Regulation (GDPR). It’s a set of laws introduced by the EU which came into force in May 2018 setting out the obligations of organisations to handle personal data in a secure and transparent manner. GDPR applies to businesses established in the EU and any business that processes data of EU citizens who are being offered goods or services or whose behaviour is being monitored.
We work hard at Turtl to ensure that every aspect of our own operations is GDPR-compliant, but we also want to make it easier for our customers and partners to achieve compliance in the use of our software. As such, we are fully committed to provisioning Turtl software with functionality to help you comply with GDPR.
ImportantYou will need to take your own legal advice to satisfy yourself that your intended use of our software complies with GDPR.
GDPR sets out seven principles which are summarised below along with information on how Turtl complies with each.
|Principle||How Turtl complies|
Or if you prefer to use Turtl’s native forms, you can customise these by adding a link to your own privacy notice.
|Data minimisation||Turtl only processes personal data provided to us by you, as well as a limited set of analytics data generated by our software.|
|Accuracy||The majority of information stored by Turtl is analytics data, which is very unlikely to be inaccurate or incomplete, or any personal data contained within Stories. Turtl will assist you as reasonably required to comply with any requests by data subjects to exercise their rights to rectify of erase personal data under GDPR.|
|Storage limitation||Turtl deletes personal data within 30 days of the end of a customer contract. This includes all data in production systems and in backup datasets.|
|Integrity and confidentiality||Turtl takes data security extremely seriously and has a complete set of controls in place to keep your data safe, including best-practice security measures and ISO27001 certification.|
|Accountability||Turtl is transparent about its use of sub-processors to enable you to document such use in accordance with GDPR.|
If you have any further questions about how Turtl makes it easy for you to comply with GDPR when using our services, please get in touch.