DeepSource Ltd and the GDPR
Privacy and Security Contact
Pavel Tashev
pavel.tashev@deepsource.net
boulevard Vasil Levski 63, fl.1, ap.1, Sofia, Bulgaria
As part of our ongoing efforts to protect the security and privacy of our users, we are working to meet or exceed the GDPR (General Data Protection Regulation). This site contains information on what steps we are taking, their progress, and who to contact for any security concerns. Please see our FAQ for more information.
Data Processing Addendum
If you need a signed DPA, please use the button below to cross sign and download your copy of our DPA.
Make A Data Request
We respect the rights of individuals to know how their data is being used, export it or request that it be deleted.
Data Processing Partners
We rely on a number of trusted 3rd parties to assist with our operations. Depending on the exact nature of your account and what you've requested we do, your data may be shared with one of these partners. We carefully evaluate each to make sure they're handling your personal data with the utmost of respect, security, and privacy.
| Services | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| Cloudflare |  |
IP Address | Automatically optimizes the delivery of your web pages so your visitors get the fastest page load times and best performance. |
|
| Contact Form 7 | |
IP Address | Specifically designed for wordpress blogs. Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. |
|
| Google Analytics | |
IP Address | Google Analytics offers a host of compelling features and benefits for everyone from senior executives and advertising and marketing professionals to site owners and content developers. |
|
| Typeform | |
IP Address | Simple well designed forms widget. |
|
| Zoho Mail | |
IP Address | Business email hosting from Zoho. |
|
Compliance Tasks
GDPR Compliance requires maintenance and ongoing work. We are tracking our efforts here.
| Application Site Security | |
|---|---|
| Status | Name |
| Completed | SSL (TLS) Deployed on App Site |
| Completed | Ensure Web Application Firewall enabled and blocking common attacks |
| Completed | Ensure Database Backups of Personal Data are working |
| Completed | Added External Javascript Files to Data Partners |
| Completed | HSTS (HTTP Strict Transport Security) added to SSL/TLS of App Site |
| Completed | Registered with HaveIBeenPwned Domain Notification |
| Completed | Ensure internal employees and contractors behaviors around personal data are documented. |
| Completed | Inform Users about the GDPR Page |
| Data Mapping | |
|---|---|
| Status | Name |
| Completed | Add CDN Provider to Data Partners |
| Completed | Add Web Analytics Service to Data Partners |
| Completed | Add Internal Email Service to Data Partners |
| Completed | Add Social Embeds to Data Partners |
| Completed | Add Third Party Web Font Services to Data Partners |
| Privacy Procedures | |
|---|---|
| Status | Name |
| Completed | Get Management Approval for GDPR Efforts |
| Completed | Nominate a Data Protection Lead or Data Protection |
| Completed | Developed a Data Processing Agreement |
| Completed | Process established for subject data requests |
| Completed | Procedure established to allow for people to request that inaccuracies in their data are fixed. |
| Completed | Briefed all Staff on GDPR Impact to the organization |
| Completed | Informed all Employees and Contractors about GDPR Compliance |
| Completed | Data Protection Policy Created |
| Completed | Privacy Policy Updates |
| Security Procedures | |
|---|---|
| Status | Name |
| Completed | Publish statement on public website on how to report security and data issues. |
Frequently Asked Questions
If you have any concerns not answered here, please reach out to our contact (listed above) and we'll be happy to assist.
What's the GDPR?
The General Data Protection Regulation (GDPR) is a new piece of privacy legislation enacted by the European Union. It represents a significant change in how personal (IP Addresses, Emails, Names) and sensitive (religion, ethnic origin, health, orientation) data is handled by companies.
Do Non EU Companies need to comply with the GDPR?
While it remains to be seen if the EU has the legislative power to levy fines and enforcement against organizations around the globe, GDPR compliance is being sought by non EU companies for a variety of reasons.
- Customers and Prospects are making it a requirement
- It's a solid framework for improving the handling of personal information and complying with the GDPR requirements improves our own security.
How Do I Report a Security Issue?
We take all security reports seriously. Please email our security contact (information listed above) with any information you have regarding any potential data breaches, vulnerabilities or concerns.