GDPR FAQs

The GDPR is the data protection legislation which became applicable in the European Union that started on May 25^th, 2018, replacing the previously existing European rules and regulations.

The GDPR sets out a unified legal framework for the protection of EU natural persons with regard to the processing of their Personal Data.

Personal Data (“Personal Data”), as defined in article 4.1 of the GDPR means any information relating to an identified or identifiable natural person.

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. These identifiers include but are not limited to, email addresses, physical addresses, IP addresses etc.

Dasseti has always taken the protection of its clients data very seriously and continuously reviews and adjusts Dasseti's  internal processes to ensure compliance with the GDPR.

In this respect, many technical and organizational measures have been implemented in order to protect the Personal Data of its clients.

Dasseti has a Personal Data Processing addendum that can be provided as a contractual framework for the collection and the processing of Personal Data of its clients, who act as data controllers when using the Dasseti technology and services to which they subscribed. It also sets out the technical and organizational measures which Dasseti has implemented in order to protect the Personal Data of its clients.

Dasseti Technology is not meant to collect and process Personal Data.

When the collection and processing of Personal Data does happen, Dasseti, as a data processor, collects and processes, under clients’ instructions, clients’ Personal Data through the Dasseti technology subscribed to by clients, which may include software as a service (SaaS), mobile applications and software hosted by Dasseti (“Dasseti Technology”), as well as while providing to clients, maintenance and support services and related professional services, if applicable. Therefore the processing and collection of clients’ Personal Data by Dasseti is only done under the instructions of the clients and for the purposes of making the functionalities and associated services to which the clients subscribed, available to them.

Dasseti has always built its technology with the objective of safeguarding the security and confidentiality of Personal Data of its clients. Dasseti Technology includes a functionality enabling clients to define which Personal Data can be used and allow them to limit the collection of Personal Data to the specific purpose of data processing defined by clients. Whenever necessary, Personal Data fields can be configured. The storage of Personal Data can be limited, and clients responding to data subject requests are able to manually access the data, add, rectify, delete or export the data.

Dasseti implements and maintains an information security management system to secure its clients’ Personal Data that is processed by Dasseti in the framework of the services subscribed by clients.

Where clients’ Personal Data is hosted by Dasseti, Dasseti relies on the technical and organizational measures implemented by AWS, which offer various features to secure clients’ Personal Data.

Dasseti is also ISO27001 compliant and SOC 2 compliant.

For clients located outside the European Economic Area (“EEA”), the servers hosting the clients’ Personal Data  are located outside the European Union. The location may vary depending on the clients’ specific requests, determined during contract negotiations and could be done within the EEA. 

Although the appointment of a DPO is not an obligation for Dasseti under the GDPR, Dasseti provides a single point of contact to address any data protection issues. Any data subject may contact us at privacy@dasseti.com to exercise their rights.