Find the public version of our GDPR commitment here
GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Information on what measures we take to adhere to these regulations can also be found on our website.
Read more about our commitment here: GDPR Commitment.
Storage of personal data
We store our data with the world’s best, modern cloud storage providers, which we have carefully selected to ensure the safety of your data. Our third party cloud providers have an excellent security track record. We make regular backups, use data encryption, sanitized logging, and common attack prevention.
At TheyDo We maintain a list of subprocessors here.
When looking for a new subprocessor, TheyDo will look into where the subprocessor is based, what certifications they have, and with whom they work. Furthermore, TheyDo signs a Digitial Processing Agreement (DPA) and Standard Contractual Clauses (SCC) with all subprocessors outside the EU.
Data portability and deletion
We have tools available for all customers so that they can easily export their data. And if a customer wants us to delete all data related to their account, they can quickly request this as well. A portability or deletion request can take up to 30 days to complete. Our customers can find information about data export features and data deletion requests in our help center.