At Fusebill, we take personal data information obligations very seriously.
Together with our Privacy Policy, this document will help you better understand the personal information we collect, why we collect it, how we use personal information and how we protect it. In full compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) which comes into effect May 25, 2018, it also explains the various rights of the data subject, including the right of access and the right to erasure (aka “the right to be forgotten”).
The GDPR distinguishes between a Data Controller (the legal entity that determines the purpose for which, and the manner in which, any personal data is collected) and a Data Processor (the legal entity responsible for the handling of personal data on behalf of the Data Controller). Fusebill is a Data Processor. In most cases, Fusebill merchants are Data Controllers and as such, are responsible for a variety of data protection policies and practices related to notice, collection, retention, access and erasure (aka the “right to be forgotten”).
In keeping with our obligations as a Data Processor, Fusebill promises to:
To satisfy the GDPR, each Data Controller must receive “sufficient guarantees” from its Data Processors that they can implement measures (technical and organizational) to meet the requirements of the GDPR. Since there are currently no codes of conduct or certifications upon which Data Controllers can rely, standard contractual clauses and data processing agreements are quickly becoming the norm.
Fusebill’s Data Processing Addendum is available here: Download. If you are an existing Fusebill customer or partner, our Data Processing Addendum amends your Services Agreement or Reseller Agreement, as applicable and governs the processing of any personal data which is provided or made available to us.
We use the following third party data processors when providing our service:
You also have the option to enable additional Fusebill integrations (either built-in or through our APIs or webhooks). We do NOT directly evaluate or attest to the GDPR qualifications of our integration partners. Each merchant is responsible for evaluating any third-party before creating or enabling an integration. These include, but are not limited to:
The DPO is Peter Mackie, VP of Sales at Fusebill Inc. You can contact him at privacy@fusebill.com.
We recommend you first contact the Data Controller (i.e. the merchant organization to whom Fusebill is providing the Fusebill Service).
You may request a full report on the personal information we hold for you by sending an e-mail to privacy@fusebill.com.
In the subject line, please indicate “Request for Personal Information”. In your email, please specify:
Please note that we will need to share your request with the Data Controller to verify and action it. We will endeavor to fulfill all access requests within 30 days of our receipt.
We recommend you first contact the Data Controller (i.e. the merchant organization to whom Fusebill is providing the Fusebill Service).
You may request deletion of personal information by sending an e-mail to privacy@fusebill.com.
In the subject line, please indicate “Request for Deletion”. In your email, please specify:
Please note that we will need to share your request with the Data Controller to verify and action it. We will endeavor to fulfill all access requests within 30 days of our receipt.
If you have any questions about this document or our Privacy Policy, please contact us directly at privacy@fusebill.com.