CleanTalk GDPR Compliance
This document provides information about the law and our plans for implementing the GDPR’s important principles for CleanTalk’s services.
CleanTalk offers customers Standard Contractual Clauses, that make specific guarantees around transfers of personal data for in-scope CleanTalk services. SCCs contain clauses regulating the transfer and processing of personal data which are deemed to be in compliance with the GDPR. This means, that personal data will be transferred and processed in compliance with EU data protection law.
Where can I find the SCCs?
You need to log in to the CleanTalk Dashboard and go to the profile section. Click on the Standard Contractual Clauses menu, download and sign the SCCs, then upload the signed SCCs on the same page or use a direct link https://cleantalk.org/my/profile#scc_agreement.
Our servers are located in USA and EU. We strive to store data on servers corresponding to the geo location of users, however load balancing and some other technical aspects lead to the fact that data is automatically distributed between servers.
All clients of the service represent controllers of any personal data that are being transferred to CleanTalk to offer proper functioning service. A Data Controller defines aims and means of personal data processing, while a Data Processor works with data on behalf of the Data Controller. CleanTalk as a Data Processor will work with personal data on behalf of its clients in view of offering its service to the clients.
Inform your clients about what data are being collected on your website and who processes them. Indicate this information in the rules of your website usage or/and in your confidentiality policy.
“By using this website, your IP address can be stored and processed for security reasons. Your IP address may be saved in the server log files, CMS log files, CleanTalk Anti-Spam & Security log files, Google Analytics, Google Adwords.
Our website uses the 3rd parties services such as the CleanTalk Anti-Spam & Security, Google Analytics, Google Adwords. They can store and process your IP address.
You can add, remove or change this text as you wish.
The moment a visitor sends a POST request such as comment, registration or contact form submission, the CleanTalk Anti-Spam receives and processes the following personal data if they exist: IP address, e-mail, text and values of each filled form field. Therefore each website form should grant a visitor the ability to give permission to process and keep these data.
By pressing “Submit” I confirm and give permission to process my personal data.
You can leave the link to the description of who and what data will be stored and processed. Example:
When you submit this website form your personal data will be stored on this website such as your IP address, your e-mail, your text of the comment and data of website form fields. Also, for security reasons and to protect this website from spam, your data will be processed in the CleanTalk Cloud Service and they will be stored in log files for 7 days by default (45 days if the extended package is active). On the expiry of the mentioned period, they will be deleted completely. CleanTalk may use the information of spam activity of IP/email addresses to offer proper anti-spam protection to all websites connected to its service. It concerns exclusively those IP/email addresses that are being used for spam mailing.
Personal Data Management
At any moment you can delete information of any request via your CleanTalk Control Panel.
You can choose how long the service should keep data: 7 or 45 days or do not keep approved requests at all.
You also can exclude any website form fields from sending their data to the CleanTalk Anti-Spam or you can set a list of website pages for CleanTalk to ignore them completely.
- Can I add exclusions for some pages of my site?
- Can I not send my personal data to CleanTalk servers?