How we at Shipbook
are GDPR compliant:
How Do Logs Interact
with GDPR* Regulations?
At Shipbook, we are all about the storage and retention of logs so that they can be collected and analyzed to help better app performance. GDPR regulations maintain that nothing can be stored unless it is considered essential information for the functions of the company.
So, this begs the question, how essential are logs? Mobile logs contain important information on the user experience and they have the potential to provide solutions to issues in the app even without the user’s feedback. While the app is being used, the logs that detail all of the user’s actions are automatically uploaded to the cloud. The programmer will then receive a list of logs.
GDPR also dictates that data which was once relevant, but with time, has become obsolete must be deleted. No more keeping records just for the sake of storing information. Every piece of personal data that is stored must have a reason and purpose.
At Shipbook therefore we comply with the law’ regulations on storing essential logs only, and we have a set time limit for the retention of any logs, after which all data is deleted.
Logs and the Right to Transparency:
Logs and the Right of Access:
GDPR allocates to citizens of the EU the right to access any information of theirs that is being stored, at any given time. At Shipbook we have a platform which allows us to gather any and all information that is currently being stored on any individual user, any easily transfer it upon request.
Logs and the right to be Forgotten:
This is the right to request the deletion of any information ant any time. Barring certain exceptions (e.g. reasons of public interest archiving etc.) if a user asks that the data collected be deleted, we have the ability to comply, without harming any of the other logs of all of the other individual users that are being stored.
Logs and the Right to Object to Processing:
Any individual user has the right to object to their data being collected and processed. We therefore advise that all companies working with Shipbook have an automated block which will prevent future collection of logs from a specific user, in the event said user objects to data collection.
Logs and Information Protection:
Users personal information (e.g. credit card information, names, addresses, phone numbers, passwords, etc.) should never be included in the logs. Companies contracted with Shipbook must ensure that all of the logs that are uploaded to the cloud and stored with Shipbook are devoid of any personal information that is barred by GDPR regulations.
So, in Effect, How Does Shipbook Comply with GDPR Regulations?
Shipbook maintains an internal list of all data processing activities, as well as any activities conducted by sub-contractors. Data is processed inside and outside the European Union and any Shipbook contractors are GDPR- compliant. Data is copied and stored only to the extent required.
Any user can contact Shipbook at: firstname.lastname@example.org in the event that they would like to have data deleted, for queries, or to address any concerns they may have regarding data processing.
When you register with us, you will need to submit certain service-specific details. If any data is withheld it may not be possible to obtain the services we provide in full. Shipbook does not retain credit card information.
Shipbook does not disclose any information to any third party, for any purpose (baring legal or regulatory requirements, or in contracting with another company to improve the services we provide).
To ensure the security and confidentiality of data we use data networks protected by industry standard firewalls and SSL encryption. Employees have access to logs on a need-to-know basis only.
Shipbook may use tracking technology (“Cookies”) to gather anonymous information, such as browser type, operating systems and the date and time of access. Cookies do not store any personal information, and are used to improve the content of our website alone.
Shipbook has a log retention system with weekly or monthly automatic deletion mechanisms.
Shipbook uses server space from a third party based in the European Union, which is GDPR-compliant.
At Shipbook we make it our priority to ensure that as mobile apps collect information from their users, this is done in ethically, with consent and transparency. At any point in time, any user has the right to erase all records, and logs, and their data will never be used for any purpose other than improving app performance quickly and efficiently. Shipbook maintains data only for as long as is reasonably needed for purposes that are strictly within the bounds of legal or ethical reporting or document retention requirements.
For Data Subjects in the EU:
We value your data subject rights under GDPR and therefore appointed GDPR-Rep.eu as representative according to Art 27 GDPR and provide you with an easy way to submit us privacy related requests, like a request to access or erase your personal data. If you want to
make use of your data subject rights, please visit: https://gdpr-rep.eu/q/14270826
Maetzler Rechtsanwalts GmbH & Co KG
Attorneys at Law
c/o Shipbook Ltd.
Schellinggasse 3/10, 1010 Vienna, Austria
Please add the following subject to all correspondence:
GDPR-REP ID: 14270826
*For more information on GDPR see our terms of services