The GDPR (General Data Protection Regulation) is the EU Regulation which came into effect on May 25th 2018 and replaced the 1995 EU Data Protection Directive (DPD).  The GDPR significantly enhances the protection of the personal data of EU citizens and increases the obligations on organizations who collect or process personal data.

The GDPR lays out specific requirements for businesses and organizations who are established in Europe or who serve users in Europe. It:

• Regulates how businesses can collect, use, and store personal data
• Builds upon current documentation and reporting requirements to increase accountability
• Authorizes fines on businesses who fail to meet its requirements

Data subjects are the readers and community members who upload their photos, videos and stories to your organisation’s Contribly account. We refer to these readers and community members as contributors.

Contribly is the Data Processor. We process your readers’ and community members’  photos, videos and stories and any additional data, for your organization to use. 

Your organisation is the Data Controller. You decide what information to request, and capture consent from contributors.

The live system components and user data are stored on Amazon Servers in the EU region (Republic of Ireland) and Google Cloud EUROPE-WEST2-a region 

Encrypted backups of the user data are held on Amazon S3 servers in the EU region (Republic of Ireland)

Contribly’s moderation tools enable you to carry out your responsibilities as the data controller. 

Specifically:

1. Providing transparency to your contributors on how you will use their data and capturing consent for intended use on your Contribly upload widgets
2. Only asking for the data you need – use the Contribly tools to configure your upload widgets so that each request only asks for the minimum information required
3. Deleting data – use Contribly tools to delete individual uploads, or whole call-outs. 
4. Responding to data subject’s requests – use the Contribly moderation tool to do this. 
5. At any time, all your contributors’ data can be deleted and/or downloaded by you as the data controller using the Contribly APIs.  

Contribly is and will continue to be committed to and fully compliant with GDPR.