Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”), is European privacy legislation that takes effect May 25, 2018. It will replace the existing EU member state laws that implement the EU Data Protection Directive, which has been in existence since 1995.
Book Like A Boss is covered by the GDPR in situations where Book Like A Boss processes personal data of Book Like A Boss customers, including but not limited to customer end users, if those individuals are located in the EU.
Book Like A Boss may operate as either a Data Controller or Data Processor depending on the circumstances.
With respect to the personal data of its customers, Book Like A Boss generally is a Data Processor and Book Like A Boss’ customer is the Data Controller. The Book Like A Boss customer, the Data Controller, determines the purposes and means of the processing of personal data. Specifically, the Book Like A Boss customer decides what personal data to share with Book Like A Boss in order for Book Like A Boss to provide the customer with robust risk score information, certain licensed data, the ability to flag potentially fraudulent activity, and other services as purchased by the customer. In these situations, Book Like A Boss, as the Data Processor, processes personal data on behalf of the Book Like A Boss customer Data Controller at that company’s direction.
Book Like A Boss also operates as a Data Controller with respect to certain of its services and/or databases. When Book Like A Boss combines personal data from different customers, as many kinds of analytics services do, it may do this both as a Data Processor at its customers’ instruction and as a Data Controller itself for the purpose of providing services to all of its customers. For example, Book Like A Boss may process and aggregate some of the personal data that a customer shares with Book Like A Boss in order to make that personal data part of another database for one or more other services provided to Book Like A Boss customers. The personal data shared may be combined with personal data elements chosen and provided by other customers.
Where Book Like A Boss operates as a Data Processor, Book Like A Boss will notify its customer if Book Like A Boss receives a request from a data subject to exercise the data subject’s right of access, right to rectification, restriction of processing, erasure (“right to be forgotten”), data portability, objection to processing, or right not to be subject to automated individual decision making (“Data Subject Request”). Book Like A Boss will also assist its customer in responding to a Data Subject Request, where legally required and permissible. Book Like A Boss’ customer is responsible for any costs arising from Book Like A Boss’ assistance with Data Subject Requests.
Customers who have agreed to our online End User License Agreement (EULA) do not need to execute a separate Data Processing Addendum. The online EULA contains GDPR provisions.
Customers who have offline contracts (i.e., non-EULA) may execute a Data Processing Addendum with Book Like A Boss. Click here for a copy of our DPA.