The General Data Protection Regulation (GDPR) is a data privacy law that gives residents of the European Economic Area (“EEA”) more clarity and control over how their personal data is used. Personal data is anything that can directly or indirectly identify a person, such as a photo, name, bank details, medical information, computer IP address, and so on. This European-wide law replaces the 1995 Data Protection Directive 95/46/EC.
The California Consumer Privacy Act (CCPA) is a new data privacy law, effective January 1, 2020, that applies to certain businesses and is intended to enhance privacy rights and consumer protection for residents of California.
Madeium’s Legal and Information Security and Privacy teams have carefully analyzed applicable privacy laws and regulations and undertaken the necessary steps to ensure that Madeium is in compliance with their requirements.
We value our users’ privacy and their rights to control their personal data. Regardless of where you call home, you may close your account or request the deletion of all personal information we have about you at any time. However, we will only be following the requirements outlined by the GDPR and the CCPA for those living in the EEA and in California, respectively. If you live elsewhere, we will be happy to consider your request to delete your data.
To streamline GDPR compliance, Madeium has a Data Processing Agreement (“DPA”), governing the relationship between the Customer (as defined in the DPA, acting as a data controller or processor, as applicable) of personal data under European Data Protection Legislation; and Madeium (acting as a data processor or subprocessor, as applicable).
Unless otherwise agreed to in writing by you and Madeium, to the extent Madeium processes any EU personal data for you as a controller (as defined by the General Data Protection Regulation (EU) 2016/679) in your role as a Customer, the Data Processing Agreement applies.
Depending on where you are located, you may have certain rights with regard to your personal information. These rights may be limited, for example, if fulfilling a request would reveal personal information about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping (such as fraud prevention purposes or record retention requirements under applicable laws). In addition, we typically will not remove information you posted publicly or shared with others through or on the Service, as neither you nor Madeium can delete all copies of information that have been previously shared with others on the Service.
If you would like to request to close your account in our system, you can do so through the Madeium Service (once you have logged in, visit settings / user settings, and then click on the close my account link). In addition, you can access, correct, or delete your personal information by making updates to that information through your account. You can also submit a request to us regarding your personal information by emailing firstname.lastname@example.org. Please note that if your information is deleted, then your account may become deactivated. If your account is deactivated or you ask to close your account, you will no longer be able to use the Service.
If you are likely to process EEA-based individuals’ personal data consider checking out these resources:
- Data Protection Self-Assessment (UK Information Commissioner’s Office)
- GDPR FAQs for Small Organizations (UK Information Commissioner’s Office)