GDPR Commitment

Our Commitment to You and the Protection of Your Data

We’re committed to helping Kutano customers and users understand, and where applicable, comply with the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades, and went into effect on May 25, 2018.

Besides strengthening and standardizing user data privacy across the EU nations, it introduces new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations are located. On this page, we explain how we help our customers comply with the GDPR.

The GDPR’s updated requirements are significant and our global team has adapted Kutano’s product offerings, operations and contractual commitments to help our customer comply with the regulation. Measures Kutano (who processes data on our customer’s behalf) has implemented include:

• Investments in our security infrastructure and certifications
• Updates to relevant contractual terms
• Support for international data transfers by executing Standard Contractual Clauses through our updated Data Processing Addendum, which is available to all customers regardless of the Kutano plan they are using.
• Offering data portability and data management tools including:
  • Profile deletion tool. Help customers respond to user requests to delete personal information, such as names and email addresses, from a Kutano account.
  • Workspace settings center. See your workspace’s plan and settings, or contact an admin who controls the workspace.

We also monitor the guidance around GDPR compliance from privacy-related regulatory bodies, and update our product features and contractual commitments accordingly. We’ll provide you with regular updates so that you’re always current.

Our Security Infrastructure

Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company entrusted with some of our customers’ most valuable data, we’ve set high standards for security.

Kutano has invested heavily in building robust security processes that can handle a variety of issues — everything from threat detection to building new tools. In accordance with GDPR requirements around security incident notifications, Kutano will continue to meet its obligations and offer contractual assurances.

If you’d like to learn more about Kutano’s security policies and procedures, please see our security page. It provides detailed information on how we approach security and how Kutano ensures user data security in particular, including our technical and organizational measures as well as our encryption standards.

International Data Transfers

To comply with European Union data protection laws around international data transfer mechanisms, we offer European Union Model Clauses, also known as Standard Contractual Clauses, to meet adequacy and security requirements for our customers who operate in the European Union and the United Kingdom. A copy of our standard data processing addendum, incorporating Model Clauses, is available.

While Kutano remains self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, we aren’t currently relying on these frameworks for the transfer of personal data.

Updates

At Kutano, we are committed to the security and privacy of your data. So we’re glad to comply and help you comply with the GDPR. If you have any questions about your rights under the GDPR as a user or how Kutano can help you with compliance as a Customer, we hope you’ll reach out to us at privacy@kutano.com. Please also visit our Trust Center to learn more about our privacy, security and compliance programs.

Resources

• Kutano’s Privacy Policy
• Kutano’s User Terms
• Kutano's Data Processing Addendum
• Kutano’s security page
• Full text of the GDPR