GDPR Compliance

AgencySweet is committed to GDPR compliance and protecting the privacy rights of individuals in the European Union.

Our Commitment to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs how organizations collect, use, and protect personal data of EU residents. AgencySweet fully supports GDPR and has implemented measures to ensure compliance.

Data Processing

As a data processor for our customers, we:

  • Process data only according to your instructions
  • Ensure staff are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist you in responding to data subject requests
  • Delete or return all personal data at the end of our relationship
  • Provide information necessary to demonstrate compliance

Your Rights Under GDPR

If you are an EU resident, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing of your personal data
  • Rights Related to Automated Decision Making: Not be subject to decisions based solely on automated processing

Data Protection Agreement

We offer a Data Processing Agreement (DPA) to all customers who need one for GDPR compliance. Our DPA includes Standard Contractual Clauses (SCCs) for international data transfers.

International Data Transfers

AgencySweet is based in the United States. When we transfer personal data from the EU, we rely on Standard Contractual Clauses approved by the European Commission to ensure appropriate safeguards are in place.

Sub-processors

We use the following sub-processors to help deliver our services:

  • Amazon Web Services: Cloud infrastructure (US, EU)
  • Stripe: Payment processing (US)
  • SendGrid: Email delivery (US)
  • Intercom: Customer support (US)

We will notify you of any changes to our sub-processors and provide you with the opportunity to object.

Data Breach Notification

In the event of a personal data breach, we will notify affected customers without undue delay and within 72 hours of becoming aware of the breach, as required by GDPR.

Data Protection Officer

For any questions or requests related to GDPR or data protection, please contact our Data Protection team at dpo@agencysweet.com.

Request Your Data

To exercise any of your GDPR rights, including accessing, correcting, or deleting your personal data, please submit a request to privacy@agencysweet.com. We will respond to your request within 30 days.