Data Protection and Privacy at Ada
Ada will be GDPR compliant before it comes into effect May 25, 2018, ensuring that our clients can provide appropriate data security for their customers. We’re committed to maintaining the highest standards for privacy and security with every product and service offered—now and in the future.
What is GDPR?
The General Data Protection Regulation (GDPR) is a legal regulation for personal data that applies to any organization that stores the data of EU citizens. The GDPR provides individuals with more control over how their data is used and processed. Originally adopted in April 2016, the regulation comes into enforcement on May 25, 2018.
There are two different entities specified in the regulation: data controller and data processor. A data controller is the entity that determines how and when to store personal data, as well as the manner in which it’s processed; a data processor is a third party that processes data on behalf of the controller.
Is Ada a data controller or processor?
We’re both. Ada is a data controller in the sense that we store information about your customers, such as billing information and email addresses. But our main function is as a data processor, collecting transcript data for you through our chat application.
How is Ada preparing for GDPR?
Here are a few of the things we've been working on to get ready for the GDPR.
Privacy By Design: We’re constantly reviewing the way we build our product to ensure that data privacy remains a central focus in our decision making.
Data Security: We’ve conducted extensive reviews of our data infrastructure and practices to ensure that customer data is secure and our infrastructure is compliant.
Data Protection Officer (DPO): We’re adding a new role! The Data Protection Officer is a role defined by the GDPR that oversees the data protection strategy and implementation to ensure compliance with GDPR requirements. This role is filled by Benji Visser, whom you can reach at firstname.lastname@example.org for questions related to the GDPR or Ada’s data protection strategy.
Working With Customers: We’re working with you to answer questions about the GDPR and how it affects you. We’re also offering Data Processing Agreements (DPA) to all current clients, which provides contractual proof of GDPR compliance and can be signed before May 25, 2018. You can sign a DPA with Ada Support Inc. here.
Working With Subprocessors: We’ve established appropriate Data Processing Agreements with all subprocessors that have been used to ensure GDPR compliance. You can view the full list of subprocessors Ada uses below.
No Longer Storing IP Addresses By Default: For all new bots on Ada, we have disabled the collection of IP addresses by default. This ensures that we are only storing personal information when absolutely required.
List of Data Subprocessors
In order to understand with whom we share your data, we have made a list of data subprocessors publicly available here. We have Data Processing Agreements (DPA) signed with all our Data subprocessors.
Terms of Service and Policies
If you have any questions regarding GPDR or your use of Ada, feel free to email email@example.com
You can sign a Data Processing Addendum with Ada Supprt Inc. here.