GDPR Commitments Statement

The GDPR (General Data Protection Act) is considered to be the most important piece of European data protection legislation with regard to privacy. It regulates the collection, storage, transfer, processing, or use of personal data about individuals in the European Union.

At Northbeam, we are fully committed to compliance with international law and regulations, including GDPR.

For customers based in the EU, or providing any service within it, these are the first steps you need to take:

  1. Make sure your Terms of Service or Privacy Policy properly communicate to your users how you are using Northbeam (and any other similar services) on your website or app. The GDPR can heavily penalize you if you’ve not done this clearly, which is why we recommend you ensure your policies are up to date and clear to your readers.
  2. If you are in the European Union, you’ll likely want to sign a Data Processing Agreement with us. Send us an email at compliance@northbeam.io and we’ll email you a copy. After you have reviewed and signed it, we’ll countersign it and provide you with a copy. If you have any questions about the Agreement, just email us and we’ll be happy to clarify them for you.

These are some of the top obligations we at Northbeam have and are committed to comply with:

  1. We will not Process Customer Personal Data other than on your instructions or as required by the GDPR.
  2. We will ensure that our employees or other personnel who Process Customer Personal Data are subject to contractual or appropriate statutory obligations of confidentiality with respect to such Customer Personal Data.
  3. We will implement and maintain technical, organizational, and physical measures designed to protect the confidentiality, integrity and availability of your Customer Personal Data.
  4. We will notify you if we receive a Data Subject Request and advise the Data Subject to submit the request to you.
  5. We will notify you, without undue delay, of a Personal Data Breach after becoming aware of the occurrence.
  6. When engaging any Subprocessor, we will provide you with notification, and enter into a written contract with such Subprocessor containing data protection obligations not less protective than those in the data processing agreement signed with us.
  7. In respect of any transfer of customer data outside the EU or EEA, on your written request, we shall provide Customer with an executed version of the relevant Standard Contractual Clauses.