GDPR & Privacy FAQ

Below you’ll find some of the frequently asked questions around privacy and GDPR.
If you were looking for answers on what Connie can do for you and how it works, then please check out our general FAQ

 

Is Connie GDPR compliant?

Yes, we are.

We of course take these rules and regulations seriously and therefore we are GDPR compliant. We’ve tried to answer some of the most common questions below, but if you would like to dive deeper, please have a look at our Data Processing Agreement and Privacy Policy.

 

Update July 20th, 2023: The entire IT infrastructure for our service is now located in Denmark, ensuring zero third-country transfers of your and your customers data.

 

What is personal and sensitive data, and do we store it?

In general, there are two kinds of data on a person:

Personal Data and Sensitive Data. We store the smallest possible amount of personal data to be able to render our services to you. This is typically your full name, your email and the company you work for.

We will never ask for or store Sensitive Data. This could be your ethnic origin, political and religious views or sexual orientation. Please never submit, or ask your customers for this type of data.

Does Connie have a Data Processing Agreement?

Yes, we do. The Connie DPA is relevant for our Customers. You can find it here.

Is Connie sharing any of my personal data?

No, we will never share or sell your data to others. 

We do however use one carefully selected sub-processors, our data center, which is located in Denmark.

We have entered into our own Data Processing Agreements with our sub-processor, ensuring that they also comply with GDPR legislation.

Like most companies, we also store Cookies when you browse our website. When you visit our site for the first time you will be notified with a “We use cookies”-pop-up.

What is a data processor and a data controller?

A data controller decides ‘why’ and ‘how’ the personal data should be processed. 

Whereas a data processor processes personal data on behalf of the controller.

Connie is a “Data processor” because we process your data - this would be the data you have inside your Connie App, e.g. contract templates, projects and issued contracts.

Here's an illustration of how data flows:

You can read more about the relationship between a data controller and processor on the European Commission website.

What third party suppliers do you have?

Our entire data handling lives on a very lean technology platform, using only a few critical service providers.

We use a small selection of highly curated third party suppliers and sub-processors. You can see the full list in our Data Processing Agreement.

There you can also get an overview of what we use them for, where they are located in the world, and what their legal grounds are for processing data.

What else do you do to protect our Privacy?

Connie is built exclusively using best-in-class development platforms and cloud services, with security-by-design at its heart. Moreover, we have implemented a series of technical and organisational security measures to ensure an appropriate level of security. Please have a look at those here.

Does Connie have a Data Protection Officer?

No, mainly because we are still a very small team. But that means that we can still train everyone to handle and manage data , and do act in order to follow applicable legislation.

Do not hesitate to contact privacy@connie.page, if you have any questions.

What about GDPR and the US?

We’re glad you ask, because that is often the elephant in the room.

We are fully hosted on Danish data centers, and in our role as Data Processor we have zero third-country transfers.

Please see these documents for all the details:

Data Processing Agreements
Privacy Measures
Privacy Policy

I found a vulnerability in Connie. What should I do?

If you have come across a vulnerability in your use of Connie, we would love to hear about it. Please write us at privacy@connie.page

Who do I contact if I have a GDPR related question?

If you have a GDPR related question, and you can't find the answer here in the FAQ, please reach out to us on privacy@connie.page 

Does Connie have a Transfer Impact Assessment (TIA)?

No, not yet. We are currently working on this with our law firm.

I want to know more!

Great! Here’s a bunch of links to our legal documents:
Privacy Policy
Organisational & Technical Privacy Measures
Terms & Conditions
Data Processing Agreement


Last updated: July 20th 2023.