Revision Date: Aug 25, 2022
The EU General Data Protection Regulation (GDPR) is the most comprehensive change to EU data privacy law in decades. It took effect on the 25th May 2018. We work hard to comply with the GDPR and apply its principles as we build new services.
The GDPR applies to any EU resident's data, regardless of where the processor or controller is located. This means that if you’re using Tomba from the US to reach out to other US corporations, the regulation doesn’t affect you. But if some of your customers or leads are in the EU, you should pay attention to it.
In practice, most companies need to take the GDPR into consideration.
The EU General Data Protection Regulation (GDPR) is now in effect, and Tomba is here to support you in meeting its requirements.
The GDPR sets a new standard for how organizations collect, use, and protect the personal information of individuals domiciled in an EEA country. With growing concern for data safety, this law is designed to restore the confidence of the public.
Whether or not your organization is based in the EEA, all businesses that control or process personal information of individuals domiciled in an EEA country have to do so in accordance with the GDPR requirements.
As an employer, this means that you are responsible for ensuring that the personal information of your EEA-domiciled employees is processed in accordance with the GDPR requirements.
Because of this, you are also responsible for ensuring that any service providers that you use will process the personal information of your EEA-domiciled employees in accordance with the GDPR requirements.
Tomba is committed to ensuring its GDPR compliance.
Here are some of the measures that Tomba has put in place:
Tomba has prepared a Data Processing Addendum that contains the GDPR contractual requirements. Where applicable, this Data Processing Addendum is incorporated into our Tomba Terms of Service for Cloud Services, available at https://tomba.io/terms-of-service.
Tomba is committed to maintaining appropriate technical and organizational security measures to protect your employees' personal information that is processed using Tomba Cloud Services in line with the GDPR requirements.
Because we deal with publicly available web data, information removed from a website is also removed from our database. But if a data subject wishes to speed up the removal of any data in our index, we offer a way to claim email addresses. It is then possible to either update the data or entirely remove it.
We take the security of the data we manage very seriously. Our architecture was vastly upgraded prior to the GDPR enforcement: our entire cluster is systematically behind a firewall. Double authentication is required for any connection. We’ve also subscribed to Cloudflare to provide a Web Application Firewall (WAF) and a systematic block of potential threats. Finally, we’re continuously improving our security. You can learn more about this topic on our page dedicated to this subject.
We store and process all our data exclusively in the EU. We even store our off-site backups within the EU.
Tomba follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as part of hosting services' analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.
The GDPR gives any user the right to download any data that they provide to a service. This allows for easier migration to other services. We think this is a great idea, and Tomba has always made it possible for users to download their data.
Another of our priorities is adding protection for children while they use the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their children's online activity. Tomba does not knowingly collect any Personally Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately, and we will use our best efforts to promptly remove such information from our records.