General Data Protection Regulation (GDPR) Compliance
Effective: January 24, 2019
At Clearout we understand the importance of data privacy and are totally against the use of customer data as a marketing commodity. We take all necessary steps to safeguard your data and are pleased to announce our 100% compliance with the EU’s General Data Protection Regulations (GDPR). Although these changes were spurred on by European law, data protection applies to everyone no matter where you’re located so we have updated our privacy policies accordingly.
What is the GDPR?
The GDPR is a comprehensive law that came into effect on May 25, 2018, designed to strengthen data protection around personal information for EU (European Union) citizens, to eliminate the hurdle of mistrust which can hamper the growth of innovative online services. It is a single set of rules that applies to the processing and monitoring of EU data.
Does it affect you?
Most likely yes, if you hold or process the data of any person in the EU, the GDPR law will be applicable to you even if you are not EU based.
What Makes Us 100% GDPR Compliant?
Our team has been working hard to be fully compliant with the EU’s GDPR. It includes a massive overhaul of processes and data models to corroborate our legal obligations and did the best for our customers while still letting us scale and build new features.
Discrete Verification Set-up for Data Belonging to the EU region
As per the recent GDPR update, data from companies based on the EU should not go outside their region.
Clearout service has been deployed to serve the European region, so to abide by this law our team has made arrangements wherein any data belonging to individuals/companies of the EU region will be securely transmitted, processed within Frankfurt, Germany data center only without letting any data outside of Europe.
Use of SCC as a data transfer mechanism
While transferring the personal information of the resident of the European Economic Area to any affiliated entities, we make use of the European Commission-approved standard contractual data protection clauses
, abiding by the corporate rules and other legal mechanisms to safeguard the transfer.Strong Data Security
Our email validation & verification service is a trusted one for millions of customers across all industries. Our architecture is continuously upgraded
- Our entire cluster is systematically behind a firewall.
- Double authentication is required for any connection.
- Subscription to Cloudflare to provide a WAF (Web Application Firewall) for a systematic block from potential threats.
Data Retention Policy
We retain the data that we control only as long as it is necessary or appropriate to fulfill the purpose for which the data was collected. A user at any time may request access to/ deletion/correction of the Personal Data that we hold about them by contacting us through email at [email protected]
Data Portability Terms
Clearout helps you meet your data portability requirements; The GDPR gives the right to any user to download any data that he provides to a service. This allows for easier migration to other services. Clearout has always made it possible for its user to download their data as and when required.
Data Processing Agreements (DPAs):
Under Article 28 of the GDPR, if a user is located in the EU, it needs a data processing addendum (DPA) signed with the sign-up. With our Data Agreement, we’ve made it simple and have the contract ready to be signed. The DPA includes standard clauses and further information about the processes we follow.
Limited Log Retention
We keep a variety of logs to improve, debug, and prevent fraud on the service. But we make sure none of the logs remains for a period of more than 3 months after their collection date. The logs are used only for monitoring and debugging.
Systematic pseudonymization of non-public data
Our email verification tool heavily pseudonymizes data to ensure the privacy of data subjects. Any attributes that don’t need to remain in its original form is truncated to remove any possibility to be linked back to a specific data subject.
Right of Change
Because we deal with publicly available web data, information removed from a website is also removed from our database. But if a data subject wishes to speed up the removal of any in our index, we offer a simple efficient way to claim email addresses. It is then possible to either update the data or entirely remove it.
Appointment of a Data Protection Officer
A dedicated Data Protection Officer has been appointed to oversee and advise on our data management. Get in touch by emailing [email protected]
A Rigorous Review Of Our 3rd Party Vendors
We ensure the continuous review of all our vendors to know their GDPR position and have signed Data Processing Agreements with them.
Detailed & Updated Policies
We have updated our Terms of Service and Privacy Policies to provide detailed information on how we access, process, and handle customer data, who we share it with, the steps are taken to secure it, and avoid any data leakage.