What’s GDPR?
GDPR stands for General Data Protection Regulation. It is a comprehensive data protection regulation that was adopted by the European Union (EU) in 2016 and came into effect on May 25, 2018. The GDPR replaces the EU's previous Data Protection Directive from 1995 and strengthens individuals' privacy rights in the digital age.
The GDPR applies to any organisation that collects, processes, or stores the personal data of individuals in the EU, regardless of where the organisation is located. It defines personal data as any information that can be used to identify a natural person, including names, addresses, email addresses, IP addresses, and even social media posts.
Under the GDPR, organisations must obtain individuals' explicit consent before collecting or processing their personal data, and they must be transparent about the purposes for which the data will be used. Individuals have the right to access, correct, and erase their personal data, and they have the right to object to its processing in certain circumstances.
The GDPR also imposes strict requirements for data security, including the use of encryption and other measures to protect personal data from unauthorised access or disclosure. Organisations that fail to comply with the GDPR can face significant fines, as well as damage to their reputation and loss of customer trust.
Overall, the GDPR is intended to give individuals more control over their personal data and to ensure that organisations are held accountable for protecting it.
3Floorsup has worked hard to prepare for GDPR, has striven to fulfil its obligations, and has maintained transparency about customer data and how we use that data.
How 3Floorsup & Maintainly prepared for GDPR
Our teams worked hard to ensure we complied with GDPR. This was a massive overhaul of processes and data models to make sure we met our legal obligations, and did the best thing for our customers while still letting us move fast, scale and build great products.
Here are the main things we did:
We changed the way we keep your data
We will automatically expire data on visitors that have not been seen in 12 months, to ensure we comply with GDPR retention requirements.
We updated our Data Processing Agreements (DPAs)
Our data processing agreement shares our privacy commitments and sets out the terms for 3Floorsup and our customers to meet GDPR requirements. This is available for customers to sign upon request.
We are self-certified for International Data Transfers
The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
To comply with EU data protection laws around international data transfer, we self-certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield framework.
We are aware that the Schrems II decision invalidated the Privacy Shield framework on July 16, 2020, with immediate effect. Despite this, 3Floorsup continues to adhere to the Privacy Shield obligations and to monitor the proposed implementation of the EU-U.S. Data Privacy Framework, with the intention of becoming fully compliant once it is enacted.
We appointed a Data Protection Officer
We appointed a dedicated Data Protection Officer to oversee our data management. Get in touch through chat or by emailing [email protected].
We coordinated with our vendors
We’ve reviewed all our vendors, found out about their GDPR position, and signed Data Processing Agreements with them where appropriate.
We took new security measures
Security is a priority for us. We’ve built a robust security framework, run regular external audits, penetration tests and bug bounties, and reviewed our internal access design to ensure the right people have access to the right level of customer data.
Check back here regularly for information on our progress.