Vendorable is committed to best practices around data security and privacy, including the protection of individuals' rights with respect to their personal data, and believes it is compliant with the General Data Protection Regulation (GDPR).

In this article, we'll be covering:

  • What is the GDPR
  • What has Vendorable done to comply?
  • What are my GDPR obligations and how can Vendorable help?
  • What are my Vendorable rights and how can I exercise them?

What is the GDPR?

The GDPR is a European Union regulation that introduces a range of obligations on internet software companies with regard to the personal data they process in doing business. These obligations seek to assure individuals that their personal data are secure and that their rights in relation to that data will be respected.

What has Vendorable done to comply?

For GDPR purposes, Vendorable is both a: 

  • Data Controller: Vendorable collects personal data from its own users; and 
  • Data Processor: Vendorable collects personal data from its users' clients and contacts — e.g., when those clients/contacts submit their names and email addresses during the Vendorable workflow processes. 

In either case, Vendorable is responsible for safeguarding the data it processes — whether the data are acquired and processed on its own behalf or on behalf of its users.

Vendorable has dedicated significant resources to preparing for the GDPR. The following are some of the principal activities we've undertaken in the several months prior to the GDPR's introduction:

  • Research: We've reviewed the text of the GDPR and related guidances to gain a clear understanding of Vendorable's obligations, and we've considered industry best practices in seeking to ensure that we fulfill those obligations.
  • Updates to legal documents: We've updated our Terms of Service and Privacy Policy, and we've prepared a Data Processing Addendum to assist our users in complying with their own obligations under the GDPR.
  • Internal data audit: We've undertaken a review of all the data we collect, including the reasons why the collect that data and what we do with that data, and limiting access to the data by Vendorable personnel where appropriate.
  • Data Management Policy: We've adopted a company-wide Data Management Policy that offers Vendorable personnel a comprehensive guide around their handling of personal data.
  • Vendor review: We've reviewed the GDPR-compliance status of our software vendors to ensure that they are adhering to the GDPR, including by signing Data Processing Addenda with those vendors where appropriate.

Going forward, we'll be working on our internal practices and processes around data security and privacy with a view to continually improving them.

What are my GDPR obligations and how can Vendorable help?

If you are collecting personal data from individual clients or contacts based in the EU, including in the course of using Vendorable, then you may have certain obligations with respect to that data — as a ‘Data Controller' under the GDPR. In those circumstances, we recommend:

  • Ensuring that your Privacy Policy and Terms of Service are up-to-date.
  • Considering how you handle consent from those individual clients or contacts.
  • Getting legal and other professional advice regarding your obligations.
  • Where appropriate, agreeing to Data Processing Addenda with those software vendors that possess and otherwise process the personal data you're collecting.

What are my GDPR rights and how can I exercise them?

If you're an individual whose data Vendorable possesses or processes, then you have a number of rights, including the right to object to certain data processing activities and to rectify data that is inaccurate or complete data that is incomplete. These rights are outlined in greater detail in our Privacy Policy, under "Rights to Information".

To enquire about or exercise these rights, please contact us.

Disclaimer: the contents of this page are provided for informational purposes only, and not meant to serve as legal advice. You should consult with legal and other professional counsel to determine whether and how the GDPR may affect you or your business.

Did this answer your question?