loading

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a regulation that protects the data privacy of individuals of the European Union (EU). It offers EU individuals greater transparency and controls over how their personal data is used by others.

The GDPR was adopted by the European Commission in 2016 and came into effect on May 25, 2018.

Disclaimer: This document should not be considered legal advise. Please consult a legal professional to better understand how the GDPR impacts your business.

Does the GDPR impact businesses outside of the EU?

The GDPR applies to all business that collect personal information about EU individuals, even if the business is located outside the EU. So yes, in many cases, companies outside of the EU will be impacted by the GDPR.

Does the GDPR require data to be stored in the EU?

No, the GDPR does not require that data processing be limited to the EU. There are several valid lawful mechanisms to transfer data between the EU and other countries.

We are a Canadian company and rely on a an adequacy decision made by the European Commission for the safe transfer of personal data from EU to Canada. For any onward transfers of data to the United States or other countries, we ensure similar adequate transfer mechanisms are in place.

How the GDPR affects Enchant

The GDPR defines two primary roles: controllers and processors.

When using our products and services, you operate as the controller. You have the responsibility for ensuring that the personal data you are collecting is being processed in a lawful manner and that you are using processors, like Enchant, that are committed to handling the data in a compliant manner.

Enchant is considered a processor. We act on the instructions of the controller (you), which come in the form of configuration and actions completed in our products and services. Similar to controllers, processors are expected to describe how they handle personal data, which we have outlined in this document and our privacy policy. As a processor, we rely on our customer to ensure that there is a lawful basis for processing.

We've updated our policies and agreements to ensure that any business that requires a GDPR-compliant processor can use Enchant. We also offer a GDPR compliant data processing addendum.

Signing our Data Processing Addendum

Your account owner can sign our DPA by following these steps:

1. When logged in to Enchant, from the bottom left corner of the screen, click the cog icon on app navigation bar.

2. From the sidebar on the left, click on Legal option under the Company section. Note that this is only visible to the account owner.

3. Ensure your company information is up to date
4. Ensure you've accepted our Terms of Service & Privacy Policy
5. If applicable, add information about your Data Protection Officer (DPO) and European Representative
6. Beside the "Data Processing Addendum" section, click on "Review and Accept"

7. Read through and review our DPA. Assuming you're authorized to do so, click on "I Accept"

Note: Due to the large number of teams we work with, it's not practical for us to customize the Terms of Service or the DPA.