Gazelle Is Fully GDPR Compliant
The European Union's GDPR (General Data Protection Regulation) regulates the collection of consumer data inside the EAA (European Economic Area). However, it also applies to international companies doing business in the EAA (such as Gazelle).
It is important to understand how Gazelle is regulated under this law and what your responsibilities are as a business/individual operating within the EAA who is using Gazelle to process your data.
What are my obligations under GDPR?
- Ensure you understand GDPR and comply with its regulations outside of your interaction with Gazelle
- Ensure that all your 3rd party vendors (like Gazelle) are GDPR compliant and that you have signed DPA's with each of your vendors. (See video below)
Important Information About Gazelle & GDPR
" Controller "
A Controller is anyone (usually a business)
who collects data directly from a customer in the EAA.
" Processor "
A Processor is anyone (usually you or one of your vendors)
who handles the data you collect from your customers in the EAA.
" Onward Transfer "
Onward Transfer is a term used to regulate any data that is collected
from EAA consumers and then processed outside the EAA
(Such as Gazelle, which processes our data outside the EAA)
When is Gazelle a Processor?
Gazelle serves as a "Processor" of your data any time you act as a "Controller" who collects data from your customers and then manually input it into Gazelle. This could be a customer who is on your website filling out a form, or talking to you on the phone. The moment you enter their data into Gazelle you are the "Controller" and Gazelle is your "Processor".
When is Gazelle a Controller?
Gazelle serves as a "Controller" on your behalf when we interact directly with your customers. Think about an example when a client is self-scheduling their appointment on our website. In this scenario Gazelle is acting as both a "Controller" and a "Processor" of the consumer data we collect on your behalf.
What is a DPA?
A "Data Protection Addendum" is a legal contract signed between you and Gazelle (or Gazelle and one of our 3rd party vendors) ensuring GDPR protection for all the data we (or our vendors) process on behalf of our EAA customers.
What is Privacy Shield?
GDPR is a EU Regulation. Gazelle complies with the GDPR Regulation through the EU-US and Swiss-US Privacy Shield Agreement (much like a treaty). The US Government certifies US Companies as GDPR Compliant using the EU-US and Swiss-US Privacy Shield Agreement.
When Does Gazelle 'Onward Transfer' My Data?
-Gazelle is located in the United States of America. As such all of the data we process on your behalf is regulated under the "onward transfer" clauses of GDPR. Being GDPR compliant means we comply with specific provisions of the law and encrypt all your data in transit (and at rest).
-Gazelle sends some of your data to 3rd party vendors like Google Maps (for routing), Amazon & Google (for hosting), and other 3rd party suppliers who help us perform tasks necessary to the operation of our business, services, and operations. Being GDPR Complaint means we have signed DPA's with all of our 3rd party vendors ensuring they are also GDPR complaint.
-Gazelle also backs up your data using servers in Australia. Being GDPR Compliant means we have to ensure the Australian Government (and the Government of any other country we park your data in) has signed onto a treaty governing GDPR compliance.
In each of these 3 scenarios you and Gazelle share different obligations under the law.
For Questions Contact:
c/o Luke Ehresman