Overview
The General Data Protection Regulation (GDPR) provides data protection rights for individuals in the European Union, Iceland, Liechtenstein, and Norway. Shortcut values your privacy and the security of your data and works with counsel to satisfy the requirements of this legislation.
For more detail about the regulations, visit the official EU GDPR site.
Key Requirements
- How consent for data collection and processing must be obtained
- How data subjects may exercise their rights regarding personal data
- What must be done to demonstrate that data is processed and secured in accordance with the GDPR
Shortcut’s Role
Shortcut is both a data processor and data controller:
- We process our customers’ customer data
- We control the data of our customers that log into Shortcut
We have certain requirements and liability for both roles.
Individual Rights Under GDPR
Right to be Informed
Emphasizes transparency to individuals and provides an obligation to provide “fair processing information” using clear and plain language at the time consent is obtained.
Right of Access
Allows individuals to access their personal data to be aware of and verify the lawfulness of processing.
Right to Rectification
Individuals are entitled to have personal data corrected if it is inaccurate or incomplete.
Right to Erasure
Enables individuals to request deletion of personal data if it is no longer necessary or consent is withdrawn.
Right to Restrict Processing
Provides individuals the right to “block” or suppress processing of personal data.
Right to Data Portability
Allows individuals to obtain and reuse their personal data across different services.
Right to Object
On certain grounds, provides individuals the right to object to data processing for profiling or direct marketing.
Rights Related to Automated Decision Making
Provides safeguards against potentially damaging decisions made without human intervention.
How to Invoke Your Rights
Contact the Shortcut support team at privacy@shortcut.com from the email address associated with your account, with the subject line “GDPR Notice.”
If you have a customer who needs to be removed from your Shortcut account, contact privacy@shortcut.com to process this request.
Requests for Erasure and Data Portability rights will take up to 30 days to process to meet compliance timelines.
In the Event of a Breach
In the event of a breach, Shortcut will:
- Contact the affected Shortcut account owners
- Immediately trigger remedial action to ensure compliance
- Maintain effective communication with affected customers throughout the process
Data Protection Addendum
Our Data Protection Addendum was last updated on August 23rd, 2018. Contact Shortcut Support at support@shortcut.com for assistance obtaining a copy of the DPA and SCCs.
Additional Questions
For any additional questions or concerns about Shortcut’s approach to privacy, security, certifications, or GDPR compliance, contact privacy@shortcut.com.