The General Data Protection Regulation
Drip is dedicated to help your business navigate the General Data Protection Regulation (GDPR) and keep your customers’ data safe. GDPR is a complex regulation and the information on this webpage is intended to provide a brief overview of the GDPR and does not constitute legal advice. We suggest you consult with a legal professional who is knowledgeable about these regulations to understand how GDPR applies to your business.
What is the GDPR?
The GDPR is a European law which imposes certain obligations on organizations that handle personal data of EU individuals and provides those individuals with specific privacy rights and protections. The UK has also implemented its own version of the GDPR, known as the UK GDPR, which provides the same rights to UK individuals. For the most part, the EU and UK GDPR mirror each other and so for the purposes of this FAQ, references to the GDPR are to both EU and UK versions.
What is Personal Data?
Personal data is any information that relates to an identified or identifiable natural person. The concept is broad and covers traditional identifiers (such as email address, name, phone number, or billing / shipping address) and non-traditional identifiers (such as IP addresses or device IDs).
Does GDPR apply to my business?
If your business is established in the EU or UK, or handles the personal data of individuals in the EU or UK, then the GDPR may apply to your business. For example, if you have customers based in the EU and / or UK and you collect their name, email address or payment details to provide your service to them, the GDPR may apply.
What is My Business’ Role Under the GDPR?
The GDPR imposes certain obligations on businesses. The extent of your obligations depends on your role in relation to the personal data you handle. For example, if you collect personal data for your own purposes (i.e., you are determining the “why” and “how” of the collection of personal data), you will be a data controller. A common example is where a company collects its customer’s name and email address to set up a user account to enable the user to access a customer portal on the relevant service.
Alternatively, if you are just processing personal data on behalf of another organization, for example, as a service provider and you do not use the personal data for any purpose of your own, you will be a data processor.
Where Does Drip Fit in With My Business and the GDPR?
Drip provides a tool that processes the data you collect to help you make better marketing decisions. In most instances, Drip acts as a service provider and takes on the role of a data processor. Please refer to our Data Processing Addendum , which forms part of our terms of service, for information about the terms on which we receive and process personal data on your behalf.
For information about how we process any personal data as a data controller, please refer to our privacy notice.
Where are Drip’s Servers?
Drip is headquartered in the United States. Our servers are also located in the United States. This means data we process may be transferred to, stored, or processed in the United States.
Drip and EU-U.S./Swiss-U.S. Data Privacy Frameworks
Drip is certified with the EU-U.S. EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by U.S. Department of Commerce to protect EEA, UK, and Swiss data in compliance with the newly adopted EU-US Data Privacy Framework Principles.
How can I use Drip Features to help comply with GDPR
For more in-depth setup instructions, please head over to our more in-depth instructional article found here.