How we Handle GDPR

The General Data Protection Regulation (GDPR) establishes laws governing the privacy of individuals in the European Union. Any company processing personal data of EU residents must comply with these regulations, regardless of where the company is based. While this document isn't legal advice, it explains the GDPR features built into Dapple. Within GDPR terminology, you are the "controller" and Send Something is the "processor," handling data on your behalf.

Dapple helps your organisation comply with GDPR by respecting the following rights:

Dapple commits to notifying affected parties within 72 hours of discovering a data breach.

Your users can ask if and how you're using their personal data. Dapple allows you to search for users by name to locate their information. We also provide self-service features enabling users to track their submission status and review their previously submitted data.

Users have the right to request deletion of all personal data you process, except information required for legal purposes such as taxation. This extends beyond personally identifiable information to any data directly linked to that individual.

Users have the right to export their data in a "commonly used and machine readable" format. Send Something provides tools allowing users to easily export their data as CSV files.

Dapple maintains user data securely and privately. We don't share this data with third parties, we're transparent about data usage, and we only process what's necessary.

Dapple enables your organisation to display custom terms and conditions with a consent checkbox for your users. Our application also allows users to withdraw consent as easily as they provide it.

We maintain complete data residency within the United States, storing all organisational data securely in our US-based facilities. For international customers, we implement robust data transfer mechanisms as detailed in our Customer Terms of Service, adhering to global data protection standards.

Dapple thoroughly vets all data subprocessors to ensure they meet GDPR's stringent requirements. An up-to-date list of our current subprocessors, including their processing purposes and locations, is available on our Subprocessors Page.

Dapple closely monitors changes to data privacy laws to maintain compliance. We regularly update our Customer Terms of Service and Data Processing Agreement accordingly, including clear guidance on GDPR applications. The latest versions of these documents are always available on our website, along with details on updates related to user consent and data erasure.