GDPR (General Data Protection Regulation)
Understanding the GDPR
Blue Street Technologies is 100% committed to data protection and data privacy. That’s why we completely welcome and embrace the GDPR (General Data Protection Regulation), which was approved and adopted by the EU (European Union) and the EEA (European Economic Area).
WHAT IS THE GDPR?
The GDPR is a directly binding regulation (not a directive) in EU law on data protection and privacy for all individuals within the EU and the EEA, superseding the Data Protection Directive 95/46/EC. The GDPR’s sole purpose is to give control back to individuals over their own personal data (what a concept!) and to simplify the regulatory environment for international business by unifying the regulation within the EU. It was adopted on 14 April 2016 and became enforceable beginning 25 May 2018.
The GDPR contains provisions and requirements pertaining to the processing of personal data of individuals inside the EEA. It applies to any enterprise, established inside or outside the EEA, that processes such information, regardless of the enterprise’s geographic location or the citizenship of the individuals whose personal data is processed.
Businesses must report any data breaches within 72 hours if they have an adverse effect on user privacy. Violators of the GDPR may be fined up to €20 million or up to 4% of their global annual revenue, whichever is greater.
BLUE STREET TECHNOLOGIES & THE GDPR
Customer trust is our absolute top priority. Our team of experts has implemented the required adjustments to our products, services, and documentation to ensure compliance with the GDPR. This empowers Blue Street customers to get more control over their personal data and gain the tools necessary to protect the information of visitors to our sites. We are dedicated to data protection and have effectively reinforced this since the beginning of our company.
What are we doing to ensure data protection for all our clients?
We employ full-time security experts dedicated to the security of our clients’ information and use advanced security methods and tools to locate and eliminate security issues.
Blue Street is PCI-DSS (Payment Card Industry Data Security Standards) compliant and is accredited as a level 4 service provider and merchant, and our ecommerce platform partner is accredited as a level 1 service provider and merchant. This standard helps create a secure environment by increasing controls around cardholder data, thus reducing credit card fraud. We regularly perform internal security audits to maintain our ISO/PCI security certifications.
Blue Street's signup and login services are completed through a secure server (HTTPS/SSL).
Blue Street has security experts on staff to ensure the security of our user information. They perform regular security audits and infiltration testing to exceed our ISO/PCI security certifications. Any issues that are reported to our security team or raised during security audits are resolved right away.
Blue Street encrypts databases containing sensitive information, according to PCI standards, to add protection for personally identifiable information. Our encryption methods render this information unreadable without the precise cryptographic key.
Blue Street has a multi-layer security architecture to help protect against 0-day security issues.
Blue Street uses cryptographic hash functions to protect your information. Your password is stored as a hash digest and, in the event of a security breach, your original password cannot be recovered from our servers.
Blue Street is certified under the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, and therefore adheres to the Privacy Shield Principles.
In accordance with the GDPR, site visitors have the right to access their data or "be forgotten" (to be permanently deleted from our databases).