
AllClients GDPR Compliance Statement and FAQs
Updated: February 10, 2025
What is GDPR?
GDPR stands for the General Data Protection Regulation. It's a comprehensive data protection law passed by the European Union (EU) that came into effect on May 25, 2018. The GDPR replaces the EU’s 1995 Data Protection Directive that required EU member states to enact their own data protection laws with certain minimum standards. The result was a patchwork of different standards and rules across the EU.
Why is GDPR Important?
The GDPR is a significant step forward in protecting the personal data of individuals. It provides individuals with greater control over their data and requires organizations to be more transparent and accountable in how they handle personal information.
Key Principles of GDPR
The GDPR is based on seven key principles:
Lawfulness, fairness, and transparency: Personal data must be processed lawfully, fairly, and in a transparent manner.
Purpose limitation: Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Data minimization: Personal data must be adequate, relevant, and limited to what is necessary for the purposes for which they are processed.
Accuracy: Personal data must be accurate and kept up to date.
Storage limitations: Personal data must be kept in a form that permits identification of data subjects for no longer than necessary for the purposes for which the personal data is processed.
Integrity and confidentiality: Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.
Accountability: The data controller is responsible for and must demonstrate compliance with the principles.
How Does AllClients Comply with GDPR?
AllClients is committed to complying with GDPR regulations. We have implemented appropriate technical and organizational measures to ensure the security of your data and to protect your privacy rights.
Data Processing Agreement
We have entered into a Data Processing Agreement with our data hosting provider, Rackspace, which ensures that your data is processed in accordance with GDPR requirements.
Data Transfers
We may transfer your data outside of the European Economic Area (EEA), but only to countries that have been deemed to provide an adequate level of data protection.
Your Rights
You have the following rights under GDPR:
The right to access your data
The right to rectify your data
The right to erasure (the “right to be forgotten”)
The right to restriction of processing
The right to data portability
The right to object to processing
The right not to be subject to automated decision-making, including profiling
Contact Us
If you have any questions about our GDPR compliance, please contact us at cases@allclients.com.
FAQs
Q: Is AllClients a Data Controller or a Data Processor?
A: AllClients is a Data Processor. Our customers are the Data Controllers because they determine the purposes and means of processing personal data.
Q: Where is my data stored?
A: Your data is stored on servers hosted by Rackspace, which may be located outside of the EEA.
Q: How does AllClients ensure the security of my data?
A: We have implemented appropriate technical and organizational measures to ensure the security of your data, including encryption, access controls, and regular security assessments.
Q: What happens if there is a data breach?
A: We will notify you as soon as possible if there is a data breach that affects your data.
Q: Can I request access to my data?
A: Yes, you can request access to your data at any time.
Q: Can I request that my data be deleted?
A: Yes, you can request that your data be deleted, subject to certain exceptions.
Q: What if I have a complaint about how AllClients is handling my data?
A: You can contact us at cases@allclients.com to file a complaint. You also have the right to lodge a complaint with a supervisory authority.
Q: Does GDPR apply to me if my business is located in the United States?
A: GDPR applies to any organization that processes the personal data of individuals in the European Economic Area (EEA), regardless of where the organization is located. So, even if your business is based in the US, you need to comply with GDPR if you collect, store, or process the personal data of individuals in the EEA. This could include customers, website visitors, or employees.
There are a few exceptions to this rule, such as if you are processing data for purely personal or household activities. However, it's always best to err on the side of caution and assume that GDPR applies to your business if you have any dealings with individuals in the EEA.
If you're unsure whether GDPR applies to your business, you should consult with a legal professional.