# GDPR

Information about Shortcut's GDPR (EU General Data Protection Regulation) compliance and how to exercise your data protection rights under EU regulations.

## Overview

The General Data Protection Regulation (GDPR) provides data protection rights for individuals in the European Union, Iceland, Liechtenstein, and Norway. Shortcut values your privacy and the security of your data and works with counsel to satisfy the requirements of this legislation.

For more detail about the regulations, visit the [official EU GDPR site](https://gdpr.eu/).

## Key Requirements

- How consent for data collection and processing must be obtained
- How data subjects may exercise their rights regarding personal data
- What must be done to demonstrate that data is processed and secured in accordance with the GDPR

## Shortcut's Role

Shortcut is both a **data processor** and **data controller**:
- We process our customers' customer data
- We control the data of our customers that log into Shortcut

We have certain requirements and liability for both roles.

## Individual Rights Under GDPR

### Right to be Informed

Emphasizes transparency to individuals and provides an obligation to provide "fair processing information" using clear and plain language at the time consent is obtained.

### Right of Access

Allows individuals to access their personal data to be aware of and verify the lawfulness of processing.

### Right to Rectification

Individuals are entitled to have personal data corrected if it is inaccurate or incomplete.

### Right to Erasure

Enables individuals to request deletion of personal data if it is no longer necessary or consent is withdrawn.

### Right to Restrict Processing

Provides individuals the right to "block" or suppress processing of personal data.

### Right to Data Portability

Allows individuals to obtain and reuse their personal data across different services.

### Right to Object

On certain grounds, provides individuals the right to object to data processing for profiling or direct marketing.

### Rights Related to Automated Decision Making

Provides safeguards against potentially damaging decisions made without human intervention.

## How to Invoke Your Rights

Contact the Shortcut support team at **privacy@shortcut.com** from the email address associated with your account, with the subject line "GDPR Notice."

If you have a customer who needs to be removed from your Shortcut account, contact **privacy@shortcut.com** to process this request.

> Requests for Erasure and Data Portability rights will take up to 30 days to process to meet compliance timelines.

## In the Event of a Breach

In the event of a breach, Shortcut will:
- Contact the affected Shortcut account owners
- Immediately trigger remedial action to ensure compliance
- Maintain effective communication with affected customers throughout the process

## Data Protection Addendum

Our Data Protection Addendum was last updated on August 23rd, 2018. Contact Shortcut Support at **support@shortcut.com** for assistance obtaining a copy of the DPA and SCCs.

## Additional Questions

For any additional questions or concerns about Shortcut's approach to privacy, security, certifications, or GDPR compliance, contact **privacy@shortcut.com**.