Accept cookies to help optimize your search experience.

GDPR Compliance

by GDPR Compliance Information on 05-23-2018 in Costa Rica, Chamber of Commerce

GDPR Compliance Information

Here at Ask Zipy, we take your data privacy and security very seriously. We’re currently preparing for the European General Data Protection Regulation (GDPR), which is coming into force on May 25th, 2018.

What exactly is GDPR?

The General Data Protection Regulation (GDPR) is the result of years of work by the European Union to unify and strengthen data protection for all citizens within EU borders.

GDPR gives you more control over how your data is used, while to us it will constitute a change of the legal environment in which we operate. That makes this change desirable and very beneficial to both parties, regardless of it being mandatory.

Our company is doing everything to ensure that our product, policies, and procedures will be compliant with those regulations before they will become enforced on May 25th, 2018.

Feel free to have a read from the official GDPR description here: Wikipedia

How does GDPR work?

First of all, GDPR affects and applies to every single organization that processes personal data of EU citizens, whether kept within the EU or outside of it. Any person-related information that can be used to identify is subject to GDPR regulation and its job is to ensure that processing any personal data (collecting, transferring, storage, and use) is made in the most secure way possible.

GDPR is in place to prevent any kind of data leakage or violation and will ensure that every company maximizes their security around customers' data.

What do I need to do?

Make sure that your Terms of Service and Privacy Policy properly communicate to your customers how exactly you are using your website. If you collect personal data from your customers and process them via our app, you should inform your customers about their entitlements under GDPR. We recommend you ensure your policies and internal documentation are up-to-date and as clear as possible. You can use this template in the terms of your website:

 [Your company name] is not making use of these messages or data other than to follow up on users’ registered issues or inquiries. Your personal data will be processed and transmitted in accordance with the General Data Protection Regulation (GDPR).

Here are a few examples of what GDPR requires, imposes, or provides:

Expanded individual rights

GDPR grants expanded rights for individuals in the European Union by allowing them, amongst other things, the right to be forgotten and the right to request a copy of any personal data stored in their database.

Compliance obligations

GDPR requires all organizations to implement appropriate security policies, keep records on data activities, and enter into written agreements with vendors to make sure that data is protected.

Data breach notifications

GDPR requires organizations to report certain data breaches to data protection authorities and, under certain circumstances, to the affected data subjects.

New requirements for profiling and monitoring

GDPR imposes additional obligations on all organizations engaged in profiling or monitoring behavior of EU individuals.

Increased Enforcement

GDPR provides a central point of enforcement for all organizations operating in the EU or processing data of EU individual member states by requiring companies to work with a supervisory authority for cross-border data protection issues.

Frequently Asked Questions

Q: What is the EEA?

A: The EEA (European Economic Area) is the area in which the Agreement on the EEA provides the free movement of persons, goods, services, and capital within the European Single Market, including the freedom to choose the residence in any country within this area. The EEA was established on January 1st, 1994 upon the EEA Agreement has come into force.

You can read more about the EEA here - Wikipedia

Q: Is Ask Zipy responsible for the data processing on your clients' end?

A: Ask Zipy is under no circumstances responsible for that, as it is our clients' choice to either be compliant or not. We suggest that they become compliant with GDPR.


Q: Who is held responsible in the case of data leak or breach of privacy policy?

A: The client; we are not responsible for the actions taken by our clients when it comes to GDPR. We simply provide the means for them to communicate with their own customers, while the way they handle their compliance and data is their own responsibility.


Q: What do your cookies track?

A: A full list of what is being tracked will be provided in our privacy policy.


Q: Where is your data and applications stored?

A:  All our data is stored on servers located in EEA member counties.


Q:  Is your data ever moved outside of the EEA?

A: We are not currently moving any personal data outside of EEA member countries.


Q: Do you transfer data between data centers?

A: No, we do not.


Q: Is your data encrypted both at rest and in transit?

A: Data transfer is always processed with encrypted protocols and takes place on a private secure server. Data at rest is not encrypted.


Q: Who can access my data? Under what circumstances does that happen and what do they see?

A: No unauthorized personnel has access to the data. Access is only granted to the technical team who is responsible for server stability. Access to those is highly monitored and tracked in our activity log, kept on a separate private server.


If you have any questions or doubts, please contact us via chat on our website or at



Log in to post a comment