Counterpart GDPR Centre
The General Data Protection Regulation (GDPR) governs the processing of people’s personal data in the European Union. Counterpart’s policy is to comply with all applicable local laws regarding our business and the related use of personal data. Counterpart applies Data Stewardship Principles which are guided by the belief that the data entrusted to us belongs to our customers and their users.
Frequently Asked Questions
What do I need to do to be GDPR compliant?
Is Counterpart a controller or a processor?
Counterpart acts as an independent controller of the personal information placed in our products and services. The GDPR distinguishes between the roles of a ‘controller’ and a ‘processor’ – each having different compliance roles and responsibilities. The GDPR defines a controller as an entity that determines the “purposes and means” of the data processing – or, in layman’s terms, “how and why” data is processed. A processor, on the other hand, is defined as the entity that “processes personal data on behalf of the controller”.
Where is my data located when I use your services?
Our main data storage locations are in the UK and Canada. However, as a global company, data is accessed from various locations by our global team and our trusted partners.
The GDPR does not preclude EU personal data being stored (or otherwise processed) in the other countries, as long as there is a data transfer mechanism in place approved by the European Commission. When it comes to our trusted service providers, our practice is to put contractual terms in place to ensure they follow our instructions and have appropriate security in place to protect the personal data we trust them with.
Do you have an appointed Data Protection Officer?
Yes, we have a dedicated ‘data protection officer’, as well as privacy and security professionals who provide ongoing assistance in ensuring the highest degree of protection and compliance: firstname.lastname@example.org