General Data Protection Regulation

Last revised on September 1, 2023, effective as of September 30, 2023

The EU General Data Protection Regulation (GDPR) is one of the most comprehensive data privacy laws ever passed. It goes into effect on May 25, 2018. We are committed to GDPR compliance for ourselves and our customers.

What does the GDPR mean for me?

The GDPR codifies rights to users regarding their data. These rights include:

Breach Notification
Under the GDPR, breach notification will become mandatory and must be done within 72 hours of first having become aware of the breach "without undue delay".
Right to Access
Part of the expanded rights outlined by the GDPR is the right for users to obtain confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, users can request a copy of their personal data, free of charge, in an electronic format.
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles users to have their personal data erased, cease further dissemination of that data, and potentially have third parties halt processing of the data. The conditions for erasure include the data no longer being relevant to original purposes for processing, or a user withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.
Data Portability
GDPR introduces data portability - the right for users to receive the personal data concerning them, which they have previously provided in a 'machine readable format' and have the right to transmit that data to another vendor.

We at Simple In/Out support user privacy and data rights because it's simply the right thing to do. Since the day we unveiled Simple In/Out, we've only collected the data needed to complete the task at hand. We also allow companies to delete their users and the data that goes with them. This has always been and will remain our policy.

For the GDPR, we're further codifying those commitments. We have put procedures in place to handle requests for data from your users, so we can assist our customers.

Data Processing Addendum

If your organization requires a data processing addendum separate from our Terms and Agreement, we will be offering a version you can consent to within the settings of Simple In/Out. Learn More.

Data Privacy Framework

Simply Made Apps complies with the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Simply Made Apps has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.