GDPR

Last date modified:
August 20, 2024

On May 25, 2018, the European Union rolled out the General Data Protection Regulation (GDPR). It's a big deal in the world of data privacy, aiming to protect personal data for folks in Europe.

The GDPR puts some responsibilities on companies (yes, including us at Finsweet) to keep personal data safe. This includes things like:

  • Making sure we have good security
  • Keeping records of how we use data
  • Being careful when we transfer data out of Europe

It also gives individuals in Europe some rights over their personal data. We'll get into those rights later in this guide.

Let's break down some definitions

We know legal jargon can be confusing, so let's clarify some key terms:

Controller

This is the company or organization that decides how and why personal data is processed.

In simpler terms: If you're using Wized to build a web app, you're the controller for the data your app collects. You decide what data to collect and how to use it.

Processor

This is the entity that processes personal data on behalf of the controller.

In simpler terms: That's us! When you use SAYU's Products like QR Generator or Stylescapes Haven, we're processing data based on how you've set things up.

Personal Data

Any information that can be used to identify a specific person.

In simpler terms: This could be anything from a name or email address to an IP address or cookie data.

Europe

For these FAQs, we're talking about countries where the GDPR applies. This includes all EU countries, plus Iceland, Liechtenstein, Norway, and the UK.

How SAYU fits into the picture

We wear different hats depending on how you're interacting with us. Let's break it down:

  1. If you're signed up for our newsletter, we're the controller of that personal data. Our privacy policy governs how we use this information.
  2. If you're using our Products like QR Generator or Stylescapes Haven, you're the controller of any data collected through those sites or apps. Our Products are tools that help you build and manage your sites, but we don't store or process the data your sites collect.
  3. If you're an end-user of a website or app built with SAYU Products, we don't have a direct relationship with you. The owner of that website or app is the controller of your data.

Your responsibilities as a SAYU customer

Does SAYU handle all my GDPR compliance?

Not quite. While we make sure our Products and Services are designed with privacy in mind, you've got your own responsibilities too. If you're collecting data from folks in Europe through a site or app you've built with our tools, you need to make sure you're following GDPR rules.

Do you need to make my site or app GDPR compliant?

If you're collecting personal data from individuals in Europe, then yes, you probably do. The GDPR applies regardless of where you're located if you're handling data of people in Europe.

Do you need to do to be GDPR compliant?

There's no one-size-fits-all answer here. GDPR compliance can involve things like:

  • Getting proper consent to collect data
  • Providing clear privacy policies
  • Ensuring data security
  • Respecting data subject rights

We'd recommend chatting with a lawyer who knows about privacy laws to get specific advice for your situation.

Data storage and processing

Where is data stored when using SAYU Products?

It's important to understand that SAYU doesn't store the data that flows through the websites or applications you build using our Products. Our Products are designed to help you create and manage your web projects, but the actual data storage and processing may happen on your end or with the Services you integrate (like databases or APIs).

How does SAYU handle data transfers?

Since we don't store or process the data from your SAYU-built projects, we're not directly involved in data transfers. However, our Products are designed to work seamlessly with various data storage and processing solutions, allowing you to choose and configure the options that best meet your data protection needs.

What about subprocessors?

While we use some third-party Services to help us provide our Products and Services, these don't interact with the data in your SAYU-built projects. They're primarily used for things like hosting our website, managing our customer relationships, and providing support.

Security

At SAYU, we take security seriously in the design and development of our Products:

  • Our Products are built with security best practices in mind.
  • We regularly update our Products to address any discovered vulnerabilities.
  • We provide guidance on secure implementation of our tools.
  • We offer features that help you implement secure authentication methods.

Remember, while we provide the tools, it's up to you to ensure they're implemented securely in your projects.

If you don’t agree, stop using our services

Make sure sure you agree to this Policy and every policy that’s part of the Agreement. If you don’t, you should discontinue use of SAYU's Products and Services immediately.

Changes to this Policy

We may update this Policy from time to time to reflect changes in our Services, legal requirements, or business practices. If we make any significant changes, we'll notify you by email or by posting a prominent notice on our website before the changes become effective. We encourage you to review this Policy periodically for the latest information on our service policies. Your continued use of Finsweet's Services after any changes constitutes acceptance of the updated Policy. If you don't agree with the revised Policy, you should discontinue use of our Services.

Contact us

We’re ready to help clarify anything about our Agreement.

If you have any questions or concerns, please contact us at:

SAYU Studio

Email:hello@sayu.studio