GDPR Policy

GDPR Policy

On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will go into effect. We believe this presents a new opportunity for marketers to strengthen their brand loyalty by focusing on consumer privacy while delivering amazing experiences. Think of it as experiential privacy — having privacy be a key part of the customer experience, through relevant privacy notices presented in context and choices that are on brand.

What is SecretTees doing toward GDPR readiness?

Eblood Clothing either already meets or is implementing our obligations as a data processor. We have a strong foundation of certified security and privacy controls by design and will continue to make product enhancements in advance of the May 25, 2018 deadline. Enterprise customers will have the responsibility to implement these enhancements, as well as update any necessary policies and procedures.

#1 – A Strong Foundation of Security and Privacy Compliance

We’ve implemented a set of certified security processes and controls to help protect the data entrusted to us through the Eblood Clothing Security and Privacy Policies. This helps us comply with several security and privacy certifications, standards, and regulations, including SOC-2, ISO 27001, and the EU-U.S. Privacy Shield.

#2 – Privacy by Design

Our mission is to help you responsibly unlock the power of data. SecretTees has a long-standing practice of incorporating a proactive product development effort, also known as “privacy by design.” For example, Eblood Clothing has the ability to obfuscate Internet Protocol (IP) addresses and allow individual-level opt-outs.

#3 – Data Transfer

SecretTees is aligned to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks for customer-related data. This provides our customers with the option of relying on these frameworks or entering into Standard Contractual Clauses (also known as EU Model Clauses) for the transfer of data from the EU to the U.S.

#4 – Contract Terms

SecretTees has updated our agreements with customers and vendors to account for GDPR requirements.

#5 – Records of Processing

SecretTees is working to more formally document the privacy practices we have in place to comply with the enhanced record keeping requirements.

#6 – Product and Process Innovation

SecretTees is constantly listening to its customers and looking for ways to simplify and further automate our product and service offerings to better support their GDPR needs. We have created the office of Chief Information Security Officer to focus on providing the mandated requirements of the GDPR, and to allow the product to maintain the utmost standards to security and privacy of consumers.