HeyTaco Guide to GDPR

On May 26th of 2018 the European Data Protection Regulation (GDPR) became effective. This regulation means people who process or control data about European Union (EU) citizens must adhere to it.

The purpose of GDPR is to help protect the privacy of EU citizens. We believe it's a step in the right direction to a more transparent and fair online world for consumers and businesses.

As a result, if anyone in your Community (i.e. team, company, workspace, group) has a HeyTaco account and is an EU citizen, then you are subject to GDPR. We've put together a guide here to help you navigate the complexities of GDPR and to assure you we're here to help.

Please know, we take your privacy and security seriously at HeyTaco. We're always available to speak with you if you ever have questions, concerns, or feedback for us. Please don't hesitate to contact us at [email protected]. We're just one email away 😊.

Who you are: Administrators, Members, and your Community

If you use HeyTaco you are either a Member or an Administrator. Your Heytaco Community is made up of Members and Administrators. Administrators have access to all Member data and have control of your Community's settings and data. If you do not know who you Administrators are, please contact us at [email protected].

How you can fulfill data request, modification, and deletion

If you are an EU citizen and use our Services, then you have specific rights to your data. This relates to GDPR Chapter 3—Right of the data subject. You can request to receive your data, modify it, and/or delete it. HeyTaco Administrators and Members can export their data from the website at any time at the following locations

If you want to delete or modify your data please contact your HeyTaco Administrator first. Your Administrator will then contact us to fulfill your data request. If you cannot contact your Administrator or they will not fulfill your needs, please contact us at [email protected].

If you are not an EU citizen and would like to modify or delete your data, we can only do that if your Administrator gives us their permission to do so.

Transporting EU citizen data to other countries

If your Community has Administrators or Members that are EU citizens you must ensure data about EU citizens is transferred and protected in accordance with GDPR (Chapter V, Articles 44-50). This means personal data about EU citizens can only be transferred and stored in countries the European Commission has recognized as providing adequate protection. You can view the up to date list by clicking here (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en).

Your HeyTaco data is stored in the United States, but we do not have a Privacy Shield framework certification. We are not pursuing a Privacy Shield certification at this time due to uncertainty around its continued effectiveness and ability to satisfy GDPR requirements.

As a result, we recommend anyone using our Services, with EU citizens in their Community, complete and sign a Data Processing Addendum (DPA). The DPA contains European Union Model Clauses, known as Standard Contractual Clauses, to meet the requirements for GDPR. At this time, we believe a DPA is a longer lasting solution than a Privacy Shield certification.

You can request one by emailing us at [email protected]. If you have your own DPA document, we are happy to review and sign it instead.

GDPR gives a clear way to lodge complaints

As an EU citizen you can report GDPR violations to your Data Protection Authority. You can find a list of Data Protection Authorities by clicking here (http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) or searching on the internet.

Our goal is to never let things escalate to the point where you need to file a complaint. Please contact us if you ever feel like we are not complying with your rights under GDPR. 

Staying Updated

GDPR is new and the world and European Commission is still reacting to it. Rules may change, and we will do our best to post updates affecting HeyTaco on this page. We have put a few resources below you can use to better familiarize yourself with GDPR, our policies, and policies of the chat platforms we integrate with.