If you’re using Formaloo for your data collection, you’re in a good place. Formaloo is fully compliant with the EU General Data Protection Regulation. Formaloo is capable of conducting business with all EU-based customers (and all companies working with EU-based clients) since the GDPR deadline, May 25th, 2018.

The GDPR is intended to strengthen individuals’ rights and unify data protection rules across the EU through stricter personal data handling requirements and higher fines for non-compliance. The GDPR applies the processing of data subjects’ personal data by any size of EU or non-EU organization that provides goods or services to the EU or monitors EU users’ behavior.

In the FAQ right here, you can read about how to become 100% GDPR ready when you use Formaloo services in your own websites, mobile applications, products, and even your own servers:

What is GDPR?

In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). GDPR is a significant change in data protection regulation in the EU and it will come into effect on May 25, 2018.

Who does the GDPR apply to?

The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals.

Is Formaloo GDPR-ready?

Absolutely. We’ve taken various & enormous steps to ensure that we’re ready and compliant. We have reviewed our products and services, customer terms, privacy notices, and arrangements with third parties for compliance with the GDPR.

we’ve updated the Privacy Policy on our website and all related backend operations to cover the new regulations. We added various features to let you control your data retention. We also offer GDPR compliant DPA (Data Processing Addendum) for our enterprise customers that we’ll sign and become legally binding.

I use the Formaloo form and database builder, what do I need to do?

Nothing much, just in relation to your use of Formaloo, you need to be clear and transparent with your clients about your use of a third-party processor (Formaloo) to collect their personal data. Transparency is key under GDPR.

For more information about the third-party processor, please visit the GDPR official website.

What’s the best way to inform my clients that I use Formaloo, and do I have to?

You can update your website privacy notice. Under the GDPR, you’re only required to say that you’re using an externally hosted third party to enable you to provide your service, rather than name Formaloo specifically.

As an example, you could add some wording like this to your website privacy notice: “We use an externally hosted third party to manage and administer your data.”

I’m using Formaloo Enterprise (Self-Hosted), what do I need to do?

When you use Formaloo Enterprise (Self-Hosted), you’ll be the data processor and the data controller.

For more information about the data processor & data controller, please visit the GDPR official website.

You’ll need to make sure to secure your databases & servers and manage the data according to the GDPR.

What is the Formaloo data retention policy?

We retain all your form data for as long as your account is active. When you terminate or cancel your subscription, all your form data will be automatically deleted within 100 days.

Does Formaloo offer Data Processing Addendum?

Yes, we offer Data Processing Addendum (DPA) for our enterprise customers that qualify us as the data controller under the GDPR. Our DPA contains contractual terms that meet GDPR requirements and that reflect our data privacy and security commitments to our clients.

Read about how to view or sign our DPA (Data Processing Agreement)