StartupResources.io Data Protection Statement

Last updated: May 25th, 2018

Overview

The StartupResources.io team takes our users’ trust in us extremely seriously. We know that your data is important to you, therefore we keep it safe and private.

The EU’s General Data Protection Regulation (GDPR) becomes enforceable on May 25th, 2018, and replaces an older piece of European legislation. We are committed to complying with EU regulations.

StartupResources.io's Roles and Preparedness

StartupResources.io is a Data Controller in the sense of the GDPR.

As such, we are responsible for handling your personal data correctly and ensuring that it is also handled correctly by any 3rd parties we use.

We have ensured that all 3rd parties we use are compatible with the GDPR and that the necessary Data Processing Addendums (DPAs) are in place. We have also ensured that all opt-ins are clear and explicit so that we have your consent for storing your personal information and emailing you, and we have put in place internal processes for ensuring you can exercise your rights, and ensuring an appropriate level of security for your data.

Exercising Your Rights

As a data subject (i.e., an individual whose personal identifiable data may be being processed), you have several rights under the GDPR, including the right to access your data, the right to be forgotten (erased), the right to make corrections, and more.

To exercise any of these rights, for the time being please email [email protected] and state which right you would like to exercise, and we will respond with a confirmation and with the data being requested (if applicable) within the deadlines stipulated by the GDPR. Over time, we may create automated tools to help you exercise certain rights, such as the right to data portability, but these are not ready at the moment, and are significantly complex to create due to reliance on sub-processors to store some pieces of personal identifiable data.

In reference to your rights that modify or remove personal data, please note that we reserve the right to maintain backups up to a period of 30 days. Therefore, personal data as it existed before correction or removal will remain in the form of backups for up to this duration after your requested changes are made.

Status of Our Sub-Processors

Below is the status on our sub-processors:

  • Revue: These folks run our newsletter and store our list of subscribers. They are GDPR compliant and their terms which we have accepted incorporate a DPA.
  • Google: We use Google to store documents, handle email and to perform usage analytics. They are GDPR compliant and their terms which we have accepted incorporate a DPA.
  • Zoho: We use Zoho for email. They are GDPR compliant and their terms which we have accepted incorporate a DPA.
  • Privy: This is a service that facilitates newsletter signups on our website. They are GDPR compliant and their terms which we have accepted incorporate a DPA.
  • Netlify: A static website hosting service we use. They are GDPR compliant and we have signed a DPA with them.

In Summary

We take privacy and data protection very seriously. Should you have any questions about our policies when it comes to data protection and privacy not addressed here or in our privacy policy, we will be happy to answer them as quickly as possible if you email us at [email protected].