Comment on page
How Beans complies with GDPR
At Beans, we worked hard to prepare for EU General Data Protection Regulation (GDPR), to ensure that we fulfill its obligations and maintain transparency about customer messaging and how we use data.
Here’s an overview of GDPR, and how we prepared for it at Beans:
The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU law to strengthen the protection of “personal data” and the rights of the individual. It's a single set of rules which governs the processing and monitoring of EU data.
Yes, most likely. If you hold or process the data of any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.
Our teams worked hard to ensure we complied with GDPR. This was a massive overhaul of processes and data models to make sure we met our legal obligations and did the best thing for our customers while still letting us move fast, scale, and build great products.
Here are the main things we did:
We built new features
Our teams built new features to enable our customers to easily meet their GDPR obligations. Beans help you meet your data portability requirements; you can easily export all of your data linked to an individual and permanently delete all data linked to an individual user. We will automatically expire data on visitors that have not been seen in 9 months, to ensure we comply with GDPR retention requirements.
We updated our Data Processing Agreements (DPAs):
Strong data protection commitments are a key part of GDPR’s requirements. Our updated data processing agreement shares our privacy commitments and sets out the terms for Beans and our customers to meet GDPR requirements. This is available for customers to sign upon request.
We certified for International Data Transfers:
The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data. To comply with EU data protection laws around international data transfer, we self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield framework.
We appointed a Data Protection Officer
We coordinated with our vendors
We’ve reviewed all our vendors, finding out about their GDPR position, and signed Data Processing Agreements with them.