General Data Protection Regulation (GDPR) 2016/679 is a ground-breaking privacy and security law targeting organisations that collect people’s data within the European Economic Area (EEA). At its core, GDPR brings sweeping personal data protection principles and demands accountability from businesses offering services within the EU. It mandates respect for fundamental privacy rights and consent for any personal data to be collected. GDPR is a win for digital privacy.
At Calibre, we believe data privacy is essential, so we implement strategies beyond GDPR compliance to ensure your data is safe. We believe in collecting the minimum amount of data, not only out of respect for privacy but also to reduce possible risks.
Since GDPR came into effect on May 25, 2018, Calibre is compliant with the regulation. Here’s what we do:
We prompt anyone visiting the Calibre website to accept or reject cookies used for analytics purposes. If you decline, we will store no analytics data except for remembering your choice not to be tracked across Calibre’s website and application.
Contact us at firstname.lastname@example.org to request an executable Data Processing Agreement. As a small team, we cannot make changes to the standard DPA and cannot agree to sign customers’ DPA.
We only send your data to trusted third parties when it’s essential to provide core Calibre services. Here’s a list of sub-processors we currently use:
|Sub-processor||Nature of processing||Location of sub-processor|
|Amazon Web Services||Infrastructure hosting||USA|
|Google Auth SSO||USA|
|MailChimp||Email newsletter delivery||USA|
|Notion||Documentation & planning||USA|
|Postmark||Application email delivery||USA|
If you have any questions regarding GDPR compliance at Calibre, we’re here to help. Contact us at email@example.com.