ninjacat logo

GDPR Data Protection: NinjaCat and the GDPR

What is the GDPR?

The GDPR is an EU privacy law that will take effect on May 25, 2018. It will regulate the treatment and use of personal data belonging to EU citizens.

Will the GDPR apply to my business?

EU-based businesses, as well as anyone processing the personal data of EU citizens, will likely be affected by the GDPR. If you ever collect, record, store, use, or erase personal data from customers or contacts in the EU, the GDPR should be on your radar.

What NinjaCat is doing to prepare?

NinjaCat is a US based company with offices in the UK. We have a core data protection team comprised of senior members of the Data, Security, and Architecture teams, as well as outside legal counsel that is dedicated to ensuring that NinjaCat is GDPR-compliant and assisting with the compliance of our customers.

Security and Trust

Keeping your data safe and secure is paramount. We adopt industry standard design led approaches to security at all levels from the way we design our software, its deployment, maintenance, monitoring and platform architecture and operational standards.    At all times you retain control over the data NinjaCat has access to and the transactions that occur and at any time can request a deletion of all personal data.

For a more detailed security overview please review our security overview.
Our Security Page

Your continued use of NinjaCat as a Customer

NinjaCat is a SAAS provider connecting your disparate marketing, analytics and CRM platforms together for the purposes of reporting and monitoring. NinjaCat also offers a call recording and analytics solution.

You are a controller, we are a data processor on your behalf.

Our Responsibilities as a Processor

  1. Processing of personal data based on instructions from you, the controller.
  2. Able to demonstrate GDPR compliance in data processing to you, the controllers and to supervisory bodies.
  3. Not to engage with another processor without written approval from you, the controller.
  4. If subject for any special data transfer regulations from EU/Member state, to communicate those regulations to you, the controller.
  5. Commitment from our employees accessing any personal data to ensure the confidentiality.
  6. Assist you, the controller to fulfill the data access subject requests from individuals within 21 days.
  7. Delete any stored personal data based on the request of you, the controller.
  8. Cooperate with the supervisory bodies.
  9. Maintain record of data processing including following information.
  • Name and contact details of the processor, associated controllers, any representative or any data protection officer (DPO).
  • Purpose of the data processing of each controller.
  • Type of data and categories of data subjects.
  • Whether the data will be transferred to 3rd party.
  • Whether the data will be transferred to 3rd party country.
  • How long data will be kept within the controller.
  • Technical and organizational security measures followed by the controller.

Please ensure that you have read the linked pages below and are aware of your responsibilities as a data controller.

What should I do next?

The GDPR goes into effect on May 25, but there’s still time to make your preparations. Review our GDPR guide to see what you can do, right now, to get ready.

We’re working hard to get ready, too. Our goal is to have all of the updates outlined in this article ready for you in early April.

GDPR Further Reading
GDPR Overview – ICO website

Updated Data Processing Addendum

NinjaCat has updated its data processing addendum. Fill in the
data processing addendum request form to receive the addendum.