Providing our users with all the information they need on Cobalt's GDPR readiness
At Cobalt, we are committed to being transparent with our customers regarding our privacy practices and compliance with European Union (EU) privacy regulations. We value your trust and are dedicated to protecting your privacy.
Our commitment to protecting the privacy of our customer’s data includes:
- Following best in class security practices. Described in detail here
- Leveraging third-party experts to conduct annual penetration tests
- All employees and contractors are subject to background checks, sign non-disclosure agreements and are subject to ongoing security and privacy training.
What is GDPR?
General Data Protection Regulation (GDPR) proposed by the European Commission will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU. The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they handle EU citizens’ personal data. The compliance deadline for GDPR is May 25, 2018.
Preparing for the GDPR
We have been working hard to ensure compliance with GDPR ahead of the deadline. Below are some of the things we are working on specifically for GDPR:
- We have appointed a dedicated VP, Chief Security Officer, who can be reached via email at firstname.lastname@example.org
- We have signed Data Processing Addendums (DPAs) with all of our vendors to ensure onward transfer of your data is safe
- We have a Data Processing Addendum (including Cobalt Sub-processors) that sets out terms for us to meet our GDPR requirements with our customers (send email to email@example.com to obtain signed DPA)
- We provide ways for users delete their accounts at any time. See instructions here.
The content on this page is provided for informational purposes only and the information shared here is not meant to serve as legal advice. You should work with legal and other professional counsel to determine exactly how the GDPR may or may not apply to you.