Announcing Zamzar’s GDPR compliance

GDPR General Data Protection RegulationThe General Data Protection Regulation (GDPR) is upon us! Hopefully this spells the last of companies you have never heard of desperately trying to get you to click a button in an email!

At Zamzar we aren’t interested in using your data as a marketing commodity, and we never have been. We wrote last month about the hard work we have been doing to extend the data protection measures we already take to add extra safeguards for your data.

Today we are pleased to announce that we have completed the steps necessary for full GDPR compliance.

What steps has Zamzar taken?

We have taken a number of measures to increase protection for your data – here’s a summary of the key points:

> Strengthened security for your data
We have taken a number of steps to further improve how we secure your data. At the start of the year we turned on secure HTTPS encryption for all users of the main Zamzar website, and more recently we have switched many of our internal services to encrypt your data when it is “at rest” (i.e. stored) within our infrastructure.

> Rigorously reviewed our 3rd party vendors
We use a number of third party services to convert your files and have taken the opportunity to review each of their data practices to ensure they provide contractual guarantees for keeping your data safe.

> Dropped personalised advertising in the EU
We have taken the decision to stop serving personalised advertising to anyone using Zamzar’s main website from the EU. Ads will still be served, but no personalised data will be shared with 3rd party advertisers.

> Updated Policies
We have updated our Terms of Service and Privacy Policies to provide detailed information on how we access, process and handle your data, who we share it with it and what steps we take to secure it. We have also made our Cookie Policies clearer (see our Web and API versions).

> Made available a Data Processing Agreement (DPA)
We have put together a standard “Data Processing Agreement” (DPA) which you can sign if you use Zamzar’s services to process data for your own customers. Email us at dpa@zamzar.com if you’d like a copy of this agreement.

What does this mean for YOU?

The steps we have taken will ensure that when you use our services you will have even stronger guarantees that your data is protected. You can check to see what data we store, how long we store it for, who we share it with and crucially what your rights are in relation to it.

We have pro-actively applied most of these measures to all customers (not just EU citizens).

What do you need to do?

You don’t need to take any explicit actions to carry on using Zamzar, but should review our new Terms and Privacy policies so that you are aware of how we handle your data.

If you use our website (at https://www.zamzar.com)
You should review our new Terms of Service and Privacy Policy to make sure you are happy with the contents before using our services.

If you use our Developer API (at https://developers.zamzar.com)
Check out our updated Terms or Service and Privacy Policy to ensure you understand how we handle your data.

If you use Zamzar as a “Data Processor”
If you use our services to process your own customer data the GDPR requires you to sign a “Data Processing Agreement” with us. If you signed up for an account to use our services before 25th May we provide a standard Addendum that you can sign – just email us at dpa@zamzar.com to request a copy. If you signed up after that date check out our standard DPA agreements for the Web App and API.

Still have questions?

If you have any questions about Zamzar and GDPR do let us know by emailing us at info@zamzar.com and we’ll get back to you.

This is just the beginning …

Protecting your data is a journey and it doesn’t end with an arbitrary deadline. Tomorrow we’ll be back working hard to provide you with amazing file conversion services and taking steps to continue keeping your data safe and secure.

Happy converting!
The Zamzar Team.

 

Advertisements

Zamzar and GDPR

GDPR General Data Protection RegulatioHas your email inbox been flooded with dozens of notices about “privacy policy updates” recently?

If so, this is likely the result of the forthcoming General Data Protection Regulation (GDPR), which comes into force in less than four weeks time on 25th May 2018.

It provides long overdue protections for the data of EU citizens and places legally-enforceable responsibilities on businesses that process this data. Zamzar strongly supports this new regulation since it will provide better transparency and protection for your data, values that are already at the centre of what we do.

What is GDPR?

Much ink has been spilled attempting to explain GDPR, but at a high-level:

  • GDPR is a new EU regulation that replaces national-level EU privacy and security laws with a single, all-encompassing EU-wide law. It regulates how businesses like ours gather, use, share and transfer personal data.
  • It is likely to affect most companies (hence your bulging inbox). The regulation is not limited to companies based in the EU, since it is concerned with where personal data comes from – if it originates from within the EU it is covered.
  • Crucially it strengthens protections for you as an end user of Internet services. It means Facebook can’t absent-mindedly lose control of the data for 87 million users, and Eldon Insurance can’t use your car insurance data for political advertising without consequences.

If you’d like to read more about the technicalities of GDPR there are handy overviews from both BBC news and Wired. The UK Information Commissioners Office (ICO) provides a meaty 162-page guide to GDPR and if you want to go direct to source you can read all 99 Articles of the GDPR directly on the main EU legal site.

What is Zamzar doing about GDPR?

Along with many other companies we are putting the finishing touches to our GDPR compliance, and will be publishing more information over the coming weeks.

In the meantime here is an overview of our plans:

  1. We will be fully GDPR compliant by the implementation deadline of 24th May 2018.
  2. We are currently working on updates to our terms and privacy policies which will be made available to users for review in the coming weeks.
  3. We are reviewing relationships with 3rd party vendors to ensure that any Data Processors we use are fully GDPR compliant.
  4. On our main file conversion website we are reviewing relationships with 3rd party advertisers to offer stronger protections for user data when serving advertising.
  5. We are taking steps to further enhance internal security measures to provide even stronger protection for your data. For example we recently rolled out “at rest” encryption for files processed through our Developer API. We will be posting updates about these measures in coming weeks too.
  6. Where a customer deems us to act as a “Data Processor” for their data we will be providing an extra “Data Processing Agreement/Addendum (DPA)” to ensure customers can meet their own GDPR commitments. If you would like to be provided with this agreement please contact us at info@zamzar.com.

In short, GDPR helps us to build on top of practices that have been at the core of what we do since we started Zamzar over 10 years ago. Our business prospers when we can competently, securely, quickly and professionally assist with your file conversion needs. We don’t need or want to trade your personal data to stay in business, nor have we ever sought to do so.

When will I hear more from Zamzar?

We will be posting further updates here on our blog and our Twitter and Facebook pages over the coming 4 weeks. In the meantime if you have any further questions related to our GDPR compliance please do get in touch with us at info@zamzar.com.

Happy secure converting!
The Zamzar Team.