GDPR Commitment

Find the public version of our GDPR commitment here

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Information on what measures we take to adhere to these regulations can also be found on our website.

Read more about our commitment here: GDPR Commitment.

Storage of personal data

We store our data with the world’s best, modern cloud storage providers, which we have carefully selected to ensure the safety of your data. Our third party cloud providers have an excellent security track record. We make regular backups, use data encryption, sanitized logging, and common attack prevention.

Subprocessors

At TheyDo We maintain a list of subprocessors here.

When looking for a new subprocessor, TheyDo will look into where the subprocessor is based, what certifications they have, and with whom they work. Furthermore, TheyDo signs a Digitial Processing Agreement (DPA) and Standard Contractual Clauses (SCC) with all subprocessors outside the EU.

Your privacy

Our customer’s privacy is essential to us, so we want to be transparent about collecting, using, and sharing your information. We have split our privacy policy into two separate policies: a policy for our anonymous website visitors and one for our logged-in users. They can be found here: Website Visitor Privacy Policy, User Privacy Policy.

Data portability and deletion

We have tools available for all customers so that they can easily export their data. And if a customer wants us to delete all data related to their account, they can quickly request this as well. A portability or deletion request can take up to 30 days to complete. Our customers can find information about data export features and data deletion requests in our help center.