Maxio has always been dedicated to maintaining the best security for our merchants and their customers. We offer complete GDPR compliance.
What you should know
GDPR distinguishes between a data controller (who collects and owns the data) and a data processor (who handles the data on behalf of the controller). Advanced Billing is a data processor. As a merchant with Advanced Billing, you are usually the controller (unless you happen to be a sub-contracted processor for another company).
When classified as the data controller, Advanced Billing merchants must meet certain obligations, such as notifying data subjects or obtaining their consent.
How Maxio can help
As the data processor, Maxio promises to:
- Keep your data safe, secure, and private
- Maintain our EU Privacy Shield certification to allow for cross-border transfer of personal data
- Disclose our sub-processors and monitor their GDPR compliance
- Keep records of compliance and audit logs as required
- Make available tools to handle data subject requests, such as right-to-erasure and right-to-access
- Notify you of a security breach using your account notification contact
The Data Privacy and Processing Addendum
Although GDPR is very new, a standard has begun to emerge in which each data processor writes a Data Processing Addendum that specifically covers the legal language needed to demonstrate compliance with GDPR. Since this document must reflect our actual internal policies and procedures, Advanced Billing (as the processor) is in the best position to enumerate how we comply. (We can’t sign a contract that claims we do something that we actually don’t do!)
Every Advanced Billing merchant is eligible to request and sign our established Data Processing Addendum. Simply email us at support@maxio.com.
Data Processors
When a Merchant’s employee accesses the Advanced Billing system, we utilize various Data Processors. These Data Processors do not receive personal information about subscribers or end-customers.
- Twilio - https://www.twilio.com/gdpr
- Zoho - https://www.zoho.com/lp/gdpr.html
- Salesforce - https://www.salesforce.com/eu/campaign/gdpr/
- Segment - https://segment.com/product/gdpr
- Autopilot - https://blog.autopilothq.com/what-is-gdpr/
- Mailchimp - https://blog.mailchimp.com/gdpr-forms-and-more-tools/
- Zapier - https://zapier.com/help/gdpr/
- Zendesk - https://www.zendesk.com/company/customers-partners/eu-data-protection/
Sub-Processors
Advanced Billing utilizes the following sub-processors when providing our service. Subscriber data is shared, stored, or processed on these services:
- Amazon Web Services - https://aws.amazon.com/compliance/gdpr-center/
- SumoLogic - https://www.sumologic.com/compliance/what-is-gdpr/
- SendGrid (if you enable any email sending inside Advanced Billing) - https://sendgrid.com/resource/general-data-protection-regulation/
- Avalara (if you enable Avalara tax integration) - https://www1.avalara.com/us/en/legal/terms.html
- Honeybadger - https://www.honeybadger.io/gdpr/
- Heroku - https://help.heroku.com/RXPQ7FOV/eu-general-data-protection-regulations-gdpr
- Google Cloud - https://cloud.google.com/security/gdpr/
Integration Partners
You also have the option to enable additional Advanced Billing integrations (either built-in or through our APIs or Webhooks). We do NOT directly evaluate or attest to the GDPR qualifications of integration partners. Each merchant is responsible for evaluating any third party before creating or enabling an integration. You should ensure you establish a direct contractual privacy agreement with any third party to which you ask Advanced Billing to transmit Data Subject personal data. These include, but are not limited to:
- Your chosen Gateway or Payment Processor
- Avalara
- Xero
- QuickBooks Online
- Salesforce
- Mailchimp
- Shopify
- Twilio