The EU General Data Protection Regulation (GDPR) will be enforced in 30 days, on the 25th of May, after a transition period of around a year. The legislation is one of the most important changes to individual privacy protections in this millennium. Since June 2017, I have been personally responsible for ensuring full GDPR compliance for Sniffie before the enforcement deadline.
Read more to see some precautions Sniffie has taken to ensure GDPR compliance at all times. If you already use our service, you already know about these practices. We are GDPR ready already today!
Overview of Sniffie’s GDPR compliance
The Sniffie service has been fully GDPR compliant since last fall. Other processes, such as billing, sales and reporting, were reviewed for GDPR compliance in early 2018. The whole Sniffie ecosystem achieved full GDPR compliance in March 2018. To ensure compliance, parts of our GDPR compliance procedures have been reviewed by a third party.
Sniffie ensures the GDPR compliance of any tools that are used to provide the service to you. These include software related to billing, support etc.
No personal data is collected without your consent
Sniffie will not, at any time, collect any personal data without your consent or your approval. When you use the Sniffie service for the first time, you need to agree to the Sniffie service terms and conditions. If you agree to them, you consent to the Sniffie service collecting some obfuscated analytics on your service usage.
If you don’t agree to the terms and conditions of the Sniffie service, you will be logged out of the Sniffie service and cannot use the service at all. No data will be collected and your account will be automatically removed from our system after 30 days without your consent.
All personal data is stored within the EU at all times
All personal data within Sniffie is always stored in the EU. That is, even if you are located outside the EU, all your personal data is still protected by the same privacy precautions that we take for granted. No personal data processing happens outside the EU at any time.
The data centers we use all around the EU are fully compliant with PCI-DSS and many different ISO certificates.
You can request any or all of your personal data from Sniffie at any time
Since fall 2017, we have had procedures in place for you to request any or all of your personal data from Sniffie at any time. That is, we will provide any personal data we have on you should you request it from us at any time.
You can request removal of any or all personal data from the Sniffie ecosystem at any time
Since fall 2017, we have had procedures in place for you to request removal of any or all of your personal data from Sniffie at any time. That is, we have procedures in place to remove any or all of your personal data from our system upon your request.
When you choose not to use the Sniffie service any more, all of your personal data is automatically removed from our system 7 days after account removal. If you send us a notification in advance, your data can be removed at an accelerated pace.
Your personal data is protected in Sniffie’s system at all times
Sniffie will never process your personal data with a system that is not adequately protected. This includes your name, email address, password, IP address and other personal data our system has on you. Below are some of the practices we utilize to make sure your personal data is secured at all times.
All Sniffie machines are hard-drive encrypted. All machines and users within Sniffie network are secured with a VPN with individual certificates and strong passwords. Any connections between computers within Sniffie network require a strong SSH authorization within the VPN network.
All connections from the Internet to the Sniffie network are secured with HTTPS. Service passwords are hashed and salted with practices recommended in 2018 by industry experts. The Sniffie service has been built with OWASP Top 10 compliance in mind. The Sniffie service is rigorously and regularly tested for exploits and bugs by the Sniffie tech team. Every commit to any part of the Sniffie service code follows the four-eyes principle.
We regularly review access logs to any services and have built automated processes to monitor and ensure that no unauthorized accesses are made to the service. Our systems blacklist any IPs that fail to authorize themselves properly after multiple attempts.
All Sniffie employees attend security training sessions regularly
The Sniffie tech team organizes quarterly training sessions for all Sniffie employees regarding the practices of handling and processing any personal data. All new employees are taught about the security practices at onboarding.
People under 16 years of age are prohibited from using the service
The only change to the currently available terms and conditions during first login is related to your age. When you agree to the Sniffie terms and conditions starting in May, you will confirm that you are at least 16 years of age.
We will not be able to provide you service should you be under 16 years of age when GDPR is enforced. The ages of our current users have been checked by the team member responsible for this.
Have a nice day!
Niko & the Sniffie team