Rivet Works has always been dedicated to maintaining the best security for our merchants and their customers. When the EU's new GDPR regulations are implemented, we'll be ready.
What You Should Know
GDPR distinguishes between a data controller (who collects and owns the data) and a data processor (who handles the data on behalf of the Controller). Rivet Works is a data processor. As a business client of Rivet Works, you are usually the controller (unless you happen to be a sub-contracted processor for another company).
When classified as the data controller, Rivet Works business clients must meet certain obligations, such as notifying or obtaining data subject consent.
How Rivet Works Can Help
As the data processor, Rivet Works promises to:
- Keep your data safe, secure, and private
- Disclose our sub-processors and monitor their GDPR compliance
- Keep records of compliance and audit logs as required
- Make available tools to handle data subject requests, such as right-to-erasure and right-to-access
- Notify you of a security breach using your account notification contact
Rivet Works utilizes the following sub-processors when providing our service:
- Amazon Web Services - https://aws.amazon.com/compliance/gdpr-center/
- Mandrill, owned by MailChimp (for the sending of email invitations) - https://kb.mailchimp.com/accounts/management/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr
You also have the option to enable additional Rivet Works integrations (either built-in or through our APIs or webhooks). We do NOT directly evaluate or attest to the GDPR qualifications of integration partners. Each Rivet Works business client is responsible for evaluating any third-party before creating or enabling an integration. These include, but are not limited to:
Legal Information vs Advice Disclaimer: This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you'd like advice on your interpretation of this information or its accuracy. In summary, you may not rely on this as legal advice, nor as a recommendation of any particular legal understanding.