GDPR
GDPR Introduction
The European Union General Data Protection Regulation (GDPR) is a regulation that aims to unify the data privacy regulations of EU member states into a single regulation, enforced across the EU single market. This article describes the GDPR compliance status of CountdownTimer.ai.
If your company needs to ensure it is GDPR-compliant, it also needs to ensure that its providers (i.e., CountdownTimer.ai) are GDPR-compliant. CountdownTimer.ai is GDPR-compliant and strictly enforces the regulation so as to protect the user data we store.
CountdownTimer.ai and GDPR
The GDPR can be reduced to 11 important points. For each point, we explain how CountdownTimer.ai handles its compliance. If this article does not answer your questions, you can still drop us a chat or email.
Also, please note that all CountdownTimer.ai data processor providers (Stripe) have been verified to be GDPR-compliant.
1. Awareness
All employees responsible for software development & infrastructure maintenance of CountdownTimer.ai are fully aware of the GDPR requirements.
Also, code reviews are performed by the Data Protection Officers (as listed in this article) before any code is deployed to the platform. This ensures that security breaches and bad practices are not introduced by, e.g., a third-party temporary contractor or a CountdownTimer.ai employee, even one aware of the GDPR requirements (this acts as a second human safety check).
2. Information We Hold
CountdownTimer.ai stores data on two kinds of parties:
Our customers
Our customers' end-users (i.e., the users of our customers)
2.1. Information Held on Our Customers
CountdownTimer.ai collects account information for each customer, including:
User first and last name, and email address
User payment details (includes invoicing information, e.g., company address and country — the credit card number is stored by Stripe)
Browsed pages on the Controller’s website and referring URL
Date and time of visits to the Controller’s website
Technical information such as screen resolution, operating system, browser type, and device type
Geolocation data (country and city)
IP address
2.2. Information Held on Our Customers’ End-Users
Information held on our customers’ end-users includes:
End-user email address (collected upon signup with end-user consent)
End-user signup date and time (used for analytics purposes)
We do not collect or process any other personal data from our customers' end-users beyond the email address and signup date and time. This limited data collection is solely used for analytical purposes to enhance our services.
The information held on our customers' end-users is solely the responsibility of our customers (i.e., the individual websites using CountdownTimer.ai). It is the responsibility of our customers to manage the data they hold in their personal CountdownTimer.ai account and CRM, i.e., to remove sensitive data if someone may happen to share it with them (e.g., Social Security Numbers, etc.). It is our responsibility to secure access to this data (i.e., only website operators can access it and have a right to rectification and deletion).
3. Communicating privacy information
The privacy terms applying to the end-users of CountdownTimer.ai customers are the sole responsibility of those customers. They should be published on the customer's website.
4. Individuals’ rights
Right to be informed
Right of access: our users can access all their data
Right of rectification
Right of erasure
Right to restrict processing
Right to data portability
Right to object
Right not to be subject to automated decision-making including profiling
5. Subject access requests
CountdownTimer.ai replies to all access requests (positively or negatively) within 1 week (the legal limit under GDPR is 1 month). We offer this free of charge for all our customers (paid and free).
6. Lawful basis for processing personal data
CountdownTimer.ai stores user data on the basis of consent (i.e., a conversation both parties entered into voluntarily, e.g., by exchanging emails).
It is the CountdownTimer.ai customers' responsibility to ensure that user data is lawfully collected when they use our CRM features. For instance, if the emails collected via CountdownTimer.ai timers are re-used for marketing campaigns, either on CountdownTimer.ai or on an external system, the CountdownTimer.ai customer has to ask for user consent when collecting the email.
7. Consent
Consent is provided explicitly by our users when performing an action or task (e.g., when they provide user data).
CountdownTimer.ai allows its customers to submit user data in an automated way, via a frontend JavaScript API and a backend REST API. This data must have been provided by the customer's user with their consent, as it is propagated to CountdownTimer.ai automatically (if the customer has integrated this API in their source code).
8. Children
CountdownTimer.ai does not offer online services to children, due to the nature of the service provided (business-to-business). Thus, we have not identified a need to verify the age of users signing up for our services.
Children might still be able to use CountdownTimer.ai services through the website or apps of a customer. In that case, the CountdownTimer.ai customer is responsible for ensuring that their own users and activities comply with regulations concerning children.
9. Data breaches
Our team closely monitors for unauthorized system access and has put multiple preventive measures in place to reduce the attack surface of our systems and services. Since our start in 2023, CountdownTimer.ai has had 0 major security issues.
Here are a few measures we took to reduce any attack surface:
Aggressive use of firewalls and network isolation in our infrastructure
No access to our server systems is allowed from the public Internet; trusted administrators from the CountdownTimer.ai team must connect via a trusted VPN network
We monitor for security flaws in the libraries used by our running backends and patch them as soon as an update is issued
Use of 2-Factor Authentication on all our sensitive accounts (e.g., hosting provider)
Isolation of data stores and sensitive backends on separate servers
All platform backups are GPG/PGP-encrypted and stored privately, retained for a maximum of 1 week
The points listed above help reduce the probability of a major data breach occurring.
10. Data Protection by Design and Data Protection Impact Assessments
Whenever CountdownTimer.ai develops a new system, security comes first when designing its architecture. Our first goal is to protect the integrity of the new production system, and our second goal is to protect the user data stored and used by that system.
11. Contact Us
If you have any questions about these Terms, please contact us at hello @ countdowntimer.ai
These Terms were published on 15.01.2023