How Does the GDPR Affect Spurtcloud and Its Customers?

We are a software company, specializing in order-to-cash solutions. In the normal course of our business activities, we act as processor or service provider on behalf of our customers. Processors and controllers each have their respective obligations under the law. Therefore, even though Spurtcloud may be in compliance with the GDPR, it does not mean that our customers are automatically in compliance with the GDPR.

Responsibilities of Data Controllers

Data controllers are individuals or organizations that determine the purposes and means of processing personal data. Data controllers bear the primary responsibility for complying with the rights of data subjects and responding to data subjects’ requests under the GDPR. Data controllers are also required to implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data, to provide information about the personal data being processed, the purposes of that processing, and the third parties to which that information will be transferred, among other things.

Responsibilities of Data Processors

A data processor processes data according to the documented instructions of a data controller. While a processor does have certain obligations to support and assist the data controller in upholding its own obligations, such as informing the controller of requests it receives from data subjects, its relationship to the personal data and the data subjects themselves is comparatively restricted. Data Processing Addendum If you are a current Spurtcloud customer and need to update or execute a DPA, please contact Customer Support by phone or email info@spurtcloud.com to submit a case. While Spurtcloud continues to certify to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks; it does not rely on such certification as a lawful method of data transfer under the GDPR. Our DPA includes Standard Contractual Clauses along with other appropriate safeguards to address lawful data transfers under the GDPR. Please see the Privacy Shield List at the following link: https://www.privacyshield.gov/list

Use of Sub-processors

Spurtcloud relies on third-party service providers to help provide the Spurtcloud services to you, such as payment processing services and cloud storage providers. We provide a list of our sub-processors here: https://www.spurtcloud.com/sub-processors/

Privacy by Design

Spurtcloud has always been a security-conscious company, and product development at various stages from design to implementation occurs with the privacy and security of personal data in mind. Cookie policy:
https://www.spurtcloud.com/cookie-policy/
See our comments in our cover email. Security and compliance certifications:
https://www.spurtcloud.com/data-privacy-certifications-to-security-and-compliance-certifications/