Approval software data protection
​
GDPR - Approval Donkey
​
Approval Donkey has always been dedicated to maintaining the best security for our customers. When the EU’s new GDPR regulations are implemented, we’ll be ready.
​
What you should know
GDPR distinguishes between a data controller (who collects and owns the data) and a data processor (who handles the data on behalf of the Controller). Approval Donkey is a data processor. As a customer with Approval Donkey, you are usually the controller. When classified as the data controller, Approval Donkey customers must meet certain obligations, such as notifying or obtaining data subject consent.
​
How Approval Donkey can help
​
As the data processor, Approval Donkey promises to:
-
Keep your data safe, secure, and private
-
Disclose our sub-processors and monitor their GDPR compliance
-
Keep records of compliance and audit logs as required
-
Make available tools to handle data subject requests, such as right-to-erasure and right-to-access
-
Notify you of a security breach using your account notification contact (in this case your email address)
Sub-Processors
​
Approval Donkey utilizes the following Sub-Processors when providing our service:
-
Azure Cloud Services – https://www.microsoft.com/en-us/TrustCenter/CloudServices/Azure/GDPR
-
Google Cloud Platform Services – https://cloud.google.com/security/gdpr/
-
SendGrid Email Services - https://sendgrid.com/resource/general-data-protection-regulation-2/
Integration Partners
​
You also have the option to enable additional Approval Donkey integrations (either built-in or through our APIs or webhooks). We do NOT directly evaluate or attest to the GDPR qualifications of integration partners. Each customer is responsible for evaluating any third-party before creating or enabling an integration. These include, but are not limited to:
-
Xero
-
Zapier
​
For questions, feel free to contact us on: info@approvaldonkey.net
​​
Last updated: May 2019