Fresh Vine has implemented processes and procedures to ensure we meet both our Data Controller and Data Processor obligations under the European Union’s (EU) General Data Protection Regulation (GDPR).
It is important to note that GDPR does not have an accredited certification method. That means, there is no GDPR-approved way to demonstrate compliance. If you have questions regarding our compliance please reach out to DataProtection@freshvine.co and we will gladly answer any questions you may have.
- Fresh Vine has strong data protection controls including encryption of data in transit, in order to safeguard Data Subject’s data from unintended disclosure or misuse.
- Fresh Vine follows industry standard best information security practices and rigorously tests its products to proactively remedy bugs and vulnerabilities.
- Fresh Vine maintains incident response and notification processes which are reviewed and tested annually.
- Fresh Vine has procedures in place to ensure data recovery and data integrity, so that customer data is not lost or inadvertently corrupted.
- Fresh Vine provides assurances that the customer retains full control of their data.
- Fresh Vine’s key data sub-processors, e.g. Amazon Web Services (AWS), all maintain rigorous security standards (SOC2 and/or ISO 27001 certifications, where possible), and undergo annual vendor reviews.
- Read through and understand the regulation.
- Perform a gap, or impact, analysis to determine if there are any controls or processes which need to be put in place to adhere to the regulation. If necessary, implement those changes.
- Review the personal information shared with Fresh Vine, including any integrations you may have, and ensure you are not sharing or storing any unneeded or sensitive (SSN, driver’s license, credit card #, passport #, etc.) personal data.
- Determine if you require consent from Data Subjects in order to process their information. If so, update your consent collection and any forms or APIs if necessary.
- Review any processors, including us at Fresh Vine, which may store or process sensitive information. Ensure they have the proper processes and controls in place and establish Data Processing Agreements where necessary.
- Ensure you have the proper consent in order to track email opens/clicks. If not, we encourage you to turn those features off.
- Make sure to include unsubscribe links or notices within any emails which are required by law.
- If you have received a Right to be Forgotten request from a Data Subject, simply mark them as Forgotten from their Fresh Vine profile and within 7 days their personally identifiable information will be completely removed from our systems, including backups. *Coming Soon*
- Providing all stored User Data upon request. The GDRP gives a 30 day window to respond to requests for personal data. Fresh Vine makes this easy to do on their own, or for you to download on their behalf. *Coming Soon*
- If you or your company wish to have their data completely removed from our systems please cancel your subscription. This will trigger our automatic data removal process after your account is closed..
Fresh Vine Sub-Processors
|Name of Sub-processor||Description of Processing||Location of Processing|
|Amazon Web Services||Hosting Services and Content Delivery||United States|
|Amazon Web Services – SES||Transactional mail services provider||United States|
|Charlie HR||Human Resource Management||United States|
|Chatra.io||Live Website Chat||United States|
|Google Apps||Internal company infrastructure||United States|
|Google Analytics||Website analytics and performance||United States|
|Stripe||Subscription Management & Payment Processing||United States|
|Trello||Project Management||United States|
When we bring on a new vendor or other sub-processor who handles our Users’ Personal Information, or remove a sub-processor, or we change how we use a sub-processor, we will update this page. If you have questions or concerns about a new sub-processor, we’d be happy to help. Please contact us via Privacy contact form.