Effective as of May 25th, 2018, the EU General Data Protection Regulation (“GDPR”) governs the way organizations in the EU handle and approach data privacy and the export of personal data outside the EU.
As it happens, our company Oki Doki Digital, Inc. runs Doki from Canada and all of the services we use to run Doki are located in the United States. However, we’re are fully committed to complying with the GDPR so that our customers can as well, and so we’ve done a ton of work to comply with the regulations as best as our small team possibly can.
As part of our commitment to the spirit of the regulations, we regularly document our progress and process with GDPR compliance on our GDPR Documentation Page. Please review our GDPR documentation regularly to keep up to speed with our ongoing efforts.
We honestly want to collect as little data about you as possible. We collect just enough information to make Doki as useful to you as possible and to make sure Doki runs smoothly and can continue to do business.
Data Access and Portability
We’re continuing to build tools into Doki that allow you to manage all of your data and comply with your own requirements as a data controller of your Students’ data.
However, if you wish to make a Subject Access Request (“SAR”) under the GDPR, please use our Subject Access Request Form. Please note that we may take up to 30 days to process your request. In the case that it will take longer than 30 days, we will notify you ASAP.
Data Processing Addendum
If you’ve determined that you are a controller of your EU users’ data under the terms of the GDPR, you may be required to sign a Data Processing Addendum (“DPA”) with each of your vendors. If you’re using Doki to sell Courses to Students in the European Economic Area (“EEA”), we may be one of those vendors.
We make it relatively straightforward to sign our DPA electronically via our self-service Data Processing Addendum. You can preview, review, and, of course sign our DPA and a confirmation copy will be provided to you via email.
One note about DPAs: we only sign our DPA and the DPAs of our sub-processors; we will not sign or agree to your own custom DPA. As a micro-business we also can’t make individual changes to our DPA since we don’t have dedicated legal team like large corporations. A standardized DPA is provided to make it easy for us to manage and easy for you to review.
If you have questions about your business and the GDPR, we highly encourage you to seek legal counsel. However, if there’s a Doki-specific GDPR compliancy question, please contact us:
By email: firstname.lastname@example.org