The General Data Protection Regulation (GDPR) is a legal framework which went into effect on May 25, 2018. It is designed to give EU citizens more control over their personal data. The GDPR is regulates how internet companies track and store customer information. Bonsai is compliant with the GDPR for all customers, regardless of whether or not they are citizens of the EU.
How is Bonsai GDPR Compliant?
Bonsai has never sold email addresses or private information, does not track users' activity across the web, and does not otherwise spy on users. However, in order to be fully compliant and extend the privacy protections of GDPR to customers around the globe, Bonsai took the following measures prior to the GDPR's effective date:
- Performed a software audit focused on collection and use of customer data, and purged some metrics deemed unnecessary for business.
- Removed Facebook tracking pixels and replaced with GDPR-compliant frontend components.
- Removed third party integrations that do not comply with GDPR.
- Created a process for our European customers to sign a Data Processing Agreement (DPA) with Bonsai. To sign a DPA, please reach out to firstname.lastname@example.org.
- Any changes to our policies will be alerted to you via email.
- Personal Information Section. This outlines how we use PII (personal identifiable information).
- Purposes of Personal Information Processing Activities Section. This section identifies where we use your information to denote GDPR compliance.
- How We Share Your Personal Information with Third Parties. We do not share your personal information unless there is a legitimate business interest to do so (Article 6.1). Historically this has always been true at Bonsai, but now it is explicitly stated in our policy.
- How You Can Access or Change Your Personal Information. This section explains how to update or remove your information.
- Cookies. This section outlines what cookies are, what kind we use, and why Bonsai uses them. It also provides resources for removing cookies from your browsers and opting out of advertisements.
- Data Security, Integrity and Retention. This is an updated and renamed section from the previously named "Protection of PII."
- Retention of Personal Information. Specifies the length of time Bonsai retains your information.
- Third-Party Links on Our Websites. Covers any case in which Bonsai might link out to another site that may not have the same level of protection of personal information as Bonsai.
- Children’s Personal Information. Clarifies that Bonsai does not collect information on minors, and only allow the use of our Services for individuals over 18.
- International Transfer of Information. Bonsai's adherence to privacy laws in the countries where our users and their data is located.
- International Users & Data. This is a big section that accounts for a lot of the changes for GDPR. It outlines the rights of EEA citizens, how Bonsai will adhere to them, and covers some abnormal cases that would prevent fulfilling those rights - such as legal proceedings or investigations, which are highly unlikely.