Spirit is committed to the continued protection of our customer’s data and privacy. We welcome legislation which further offers privacy protection to our customers. 

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. Companies must be compliant with GDPR if they offer services to or process data of any EU citizens, even if they are not located in the EU.

What has Spirit done for GDPR?

We have made GDPR readiness a company wide effort. Along with continued focus on privacy regulation in future features and policies, these are the steps we have taken so far:

• We’ve reviewed and mapped what data we store and how we store it. This can be found in our privacy policy.
• Revised our security protocols, more of which can be found here.
• We’ve created a Data Processing Addendum.
• We’ve appointed a Data Protection Officer.
• Spirit maintains a list of our subprocessors and vendors, which can be found here.
• We contractually require all subprocessors to comply with GDPR through Data Processing Agreements.

Where can I find your Data Processing Addendum?

You can find our Data Processing Addendum here. If you need a signed copy for your organization, please submit a request to legal@getspirit.io.

How can I learn more?

If you have any questions concerning Spirit and GDPR, please reach out to legal@getspirit.io

To learn more about GDPR as a topic, visit the EU’s website on GDPR here.