NOTE: The following information is provided to help you understand general concepts about privacy laws and data protection. It is not legal advice, and you should speak to legal counsel regarding how GDPR or PIPEDA affects your organization.
🇪🇺 What is the GDPR?
The GDPR stands for General Data Protection Regulation, which imposes rules on companies processing personal data of “subjects” residing in the European Union. This means that any information related to a natural person or “Data Subject” that can be used to directly or indirectly identify the subject must be processed according to the GDPR guidelines.
Enforcement of the GDPR began on May 25, 2018. For more information on the regulation, please view their website at https://gdpr-info.eu/.
If you are an organization that is organized in the EU and / or processes personal data of EU citizens, then you must also comply with the GDPR.
There are two classifications for your organization:
Data Processor - organizations are classified as processors if they store or process personal data on behalf on another organization.
Data Controller - organizations are classified as controllers if they determine the purpose of storage and / or processing of personal data.
Some organizations may be both processors and controllers.
When my organization enters personal data into Method, am I a controller or a processor?
You are the data controller. The data you enter into our CRM is controlled and managed by your organization. You decide how the data is used, when the data should be updated, how long you should keep it, etc.
What role does Method play?
According to the GDPR, Method plays both classification roles.
As a Data Controller - Method handles data about our customers for our own purposes, such as marketing activities.
As a Data Processor - Method provides software to our customers which allows them to become data controllers of the data they store about their customers.
Is Method GDPR compliant?
Yes. Please review our Terms of Service and Privacy Policy, which have been in effect since May 25, 2018.
These are just some of the many steps Method has taken to meet the data transparency goals of the GDPR. This continues our practice of protecting your data and providing for the legal and secure handling of your organization’s critical business information.
NOTE: The information above is provided to help you understand Method's role as processor of your data, the rights of your users, and the responsibilities you hold as a controller of their data. It is not comprehensive and is not legal advice.
🇨🇦 What is PIPEDA?
PIPEDA stands for Personal Information Protection and Electronic Documents Act, a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business.
Is Method PIPEDA compliant?
Although, Method has not gone through being explicitly PIPEDA compliant, Method is compliant with GDPR, which is substantially similar to PIPEDA. If you have any concerns, please contact us.
Why was this policy created?
The policy was created with the intention of safeguarding citizens by giving them control of their personal data. We respect our users’ privacy, and as such we have updated our Privacy Policy to comply with the GDPR guidelines.