What is the GDPR?
The GDPR is the EU General Data Protection Regulation which will be effective from May 25, 2018. It is a law that regulates how companies protect an individual’s personal data. You can find out more about the GDPR here.
Is Book Creator compliant with GDPR?
Absolutely. We take security and privacy extremely seriously, building it into Book Creator from the outset. We are fully compliant with the GDPR.
Is Book Creator a Data Processor or a Data Controller?
We are the Data Processor for all content added to books such as text, images, audio, video.
We will be the Data Controller for account information such as the name and profile picture obtained through the Google, Office 365 or other login methods. (This is on the basis that we are the ones who have decided to use these logins as the mechanism to log users in, and it’s information that we use for our own purposes in making sure users can log into the app and use the app.) Additionally if you purchase a Book Creator subscription we will be the controller of payment details such as your VAT number and billing address. This is the only information in relation to which we are the Data Controller.
Does Book Creator have a contract or data processing agreement for schools?
Yes we do. We provide a Data Processing Addendum to our Terms of Service that sets out how Book Creator processes data and meets the requirements of the GDPR.
Where is my data stored?
We store all data in Google Cloud, which is hosted in the US. Google participates in the EU-US Privacy Shield arrangement and has also signed additional EU model contract clauses with us to offer further safeguards. The model clauses are available here.
This mean that Google protects your information in the US as it would be protected in the EU. Additionally, Google Cloud offers world class data security which you can read about at https://cloud.google.com/security
Please start by reading our Data Processing Addendum which sets out how we meet the GDPR’s requirements.
Should you have any further questions relating to our GDPR compliance, please contact us at firstname.lastname@example.org or alternatively in writing at Red Jumper Limited, 31 – 34 High Street, Bristol, BS1 2AW, England or by phone on +1 (877) 366-5116.