Coming Soon.
We are working hard to introduce you to our digital goods trading marketplace with integrated escrow. Please bare with us!
 

GDPR COMPLIANCE

The European data protection law called the General Data Protection Regulation (GDPR) became effective on May 25, 2018 and affects all companies who process personal data of individuals in the EU.

Freegram understands that data protection is important to its users. As a Canadian company, Freegram is already subject to data protection laws that provide for similar standards as existing European laws. And as a company with thousands of users in Europe, Freegram is well aware of the need to provide its EU users with services and solutions that will help them meet the EU's new data protection requirements.

Freegram fully welcomes the GDPR and is here to help our users address the GDPR through our robust privacy and security protections. We appreciate that the GDPR requires our users, as data controllers, to engage data processors that deploy appropriate safeguards. Freegram has been heavily engaged in preparing for the GDPR. We fully appreciate and recognise the importance of GDPR to our users in the delivery of our services to them.

What is the GDPR?

The GDPR is a new European data protection law which sets out various requirements that became effective on May 25, 2018. It replaces the existing data protection regime for the EU under Directive 95/46/EC, and is intended to harmonise data protection laws throughout the EU by applying a single data protection law that is binding throughout all Member States. Countries outside of the EU, including countries in Asia, are also implementing laws that align with the GDPR.

Who does the GDPR apply to?

The GDPR applies to virtually all organisations that process the "personal data" of EU residents as a result of services offered to them or which monitor them, regardless of whether the organisation physically resides in the EU. Personal data is any information relating to an identified or identifiable natural person.

How does the GDPR apply to Freegram and its users?

Freegram is a social media management tool and social media marketplace that enables its users to bring together their social networks and either manage its growth in one place or securely trade their digital assets. Because the content on social media is user-generated, it may at any time contain personal data if users of social media decide to share such information. As a result, the GDPR will apply to both Freegram and its users, but in different ways.

The GDPR distinguishes between organisations that are "data controllers" and those that are "data processors". As explained in our Privacy Policy, Freegram is a data processor of content generated, requested or published via its supported social networks. As such, Freegram only processes content in accordance with the instructions our users give us through our services. Because our users control how their content is collected and used by them, our users are, in legal terms, the data controllers of the content that they process through our platform. Freegram is its users' data processor of that content.

For more information on the types and categories of data we and our users collect and process, please see our Privacy Notice.

What has Freegram done to prepare for the GDPR?

Freegram welcomes the GDPR and is committed to strengthening the robust organisational and technical safeguards it already makes available to users. Freegram appreciates that the GDPR requires a partnership between Freegram and its users in their use of our services. We can confirm that Freegram has been heavily engaged in preparing for the GDPR and recognises the importance of GDPR to our users in the delivery of our service to them.

Freegram has carried out an in-depth GDPR readiness project across our entire organisation. As part of this project, we analyzed each of our product offerings and our internal policies with a view to becoming GDPR ready. These steps included:

  • Dedicating full-time resources to privacy, data protection and the GDPR;
  • Conducting an organisation-wide review of all personal data processing activities within Freegram to ensure alignment with GDPR requirements;
  • Creating cross-departmental teams from security, engineering, product and legal to roadmap and ensure any technical or organisational measures required under GDPR are in place; and
  • aligning Freegram's existing security framework with the National Institute of Standards and Technology (NIST) security controls, which are aligned with, and appropriate to meet, the GDPR's Article 32 security requirements

Is Freegram GDPR Ready ?

Yes, as of May 25, 2018 all Freegram products and services are GDPR ready. In addition to our own compliance with GDPR principles, we are committed to helping our users in their own compliance with the GDPR in connection with their use of our services. As such, we are making a Data Processing Addendum (DPA) available for all users to sign. Please refer to the DPA section below on how to enter into a DPA with Freegram.

Can I enter into a Data Processing Addendum (DPA) with Freegram?

Freegram makes available a Data Processing Addendum (DPA) for GDPR. The GDPR DPA and some FAQs are available to all of our users. If you would like to incorporate the GDPR DPA into your existing agreement with Freegram, please email us and we will promptly send you Freegram's Data Processing Addendum for you to complete, sign and return to us.

How is Freegram different than other social media management services?

Freegram is a Canadian company with its head-office located in Toronto, Ontario. For the purposes of EU data protection law, Canada is considered a country which provides adequate protections for personal data, as confirmed by the European Commission in Commission Decision 2002/2/EC. Accordingly, unlike some other companies operating in the social media space, Freegram already resides in a country with strong data protection laws. In this way, the GDPR is more of an evolution than a revolution for Freegram.