Swedish Organization Number: 556745-2924
Kungsgatan 60 11122 Stockholm
Gavagai AB. Kivra: 556745-2924. 106 31 Stockholm, Sweden
We prefer all invoices to be sent via e-invoicing (EDI). To locate us in your invoicing system, please use our Organization number or GLN (both shown above).
If an EDI-invoice can not be sent, please send invoices through
invoice [at] gavagai.io
Terms and Conditions
Gavagai is dedicated to maintaining the best security for our partners and customers and their customers in turn when it comes to the protection of personal data under the GDPR.
What you should know
According to the General Data Protection Regulation (GDPR) there is a distinguishment between:
|・||Data Controller – who collects and owns the data|
|・||Data Processor – who handles and processes the data on behalf of the Controller|
Gavagai is a Data Processor. As a customer of Gavagai, you are either the Controller (if you use Gavagai to analyze your own data) or a sub-contracted Processor (if you process another company’s data).
In most cases, the data we receive for processing should not contain any personal data. So, if this is the case, no further action on your part (as a customer) is needed.
On the other hand, if you need to process personal data that falls under the GDPR, you will either be classified as:
|・||Data Controller, if the data being processed originates from you|
|・||Sub-Processor, if the originates from a customer of yours|
As a Data Controller, you also must meet certain obligations, such as notifying or obtaining data subjects’ consent if you process personal data.
How Gavagai can help
As the data processor, Gavagai promises to:
|・||Keep clients’ data safe, secure and private|
|・||Handle Data Subject requests, such as right-to-erasure and right-to-access|
|・||Keep records of compliance and audit logs as required|
|・||Disclosure our sub-processors and monitor their GDPR compliance|
|・||Notify about security breach using account contact information|
GDPR in Explorer
How is Personal Data (as defined by GDPR) handled in Explorer?
GDPR assumes the use of structured data, such as names and phone numbers in a database format, and that this data can be searched for.
However, this is not how Explorer works with data sets.
- Explorer does not tag data, which makes it impossible to list the type of personal data collected.
- Explorer does not attempt to use Personal Data in its analysis.
- Any personal data collected in the data set is unintentional, and entering such data should be avoided.
Because Explorer doesn’t tag personal data, there is currently no solution to manually delete personal data from the data sets in Explorer, nor to extract information about what Personal Data has been obtained regarding a specific person.
In summary, Explorer does not need Personal Data to function, and if there is Personal Data in the data set, it will be ignored. Therefore, we strongly recommend that our users have a process to clean data sets from Personal Data before uploading it to Explorer.
Should Personal Data still enter the system, this should not present a problem. All data entered by users into Explorer are stored only on Gavagai’s private servers residing in high-security data centers in Sweden. No sub-processors are used and data will never leave the EU. When a customer ceases to use the service data will remain for two weeks on back-up media, after which it will be permanently deleted.
The Data Privacy and Processing Addendum
According to the new regulation each data processor is required to write a Data Processing Addendum that specifically covers all the details and legislation needed to demonstrate compliance with GDPR. Since this document must reflect our actual internal policies and procedures, Gavagai (as the Data Processor) is in the best position to enumerate how we comply.
Every Gavagai customer is eligible to request and sign our established Data Processing Addendum. Please contact us.
If you want to change what cookies you allow us to use, go to your browser settings. Your browser’s Help section will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, how to disable and remove cookies, and when cookies will expire.
When providing our service, Gavagai utilizes the following Sub-Processors. Some of these Sub-Processors store data in the USA.
- Fortnox – https://support.fortnox.se/hc/sv/sections/115001535709-GDPR
- 3scale – https://access.redhat.com/gdpr
- Chargify – https://help.chargify.com/my-account/gdpr.html
- Atlassian services (JIRA, Confluence, HipChat, Trello) – https://www.atlassian.com/blog/announcements/atlassian-and-gdpr-our-commitment-to-data-privacy
- Hubspot – https://www.hubspot.com/data-privacy/gdpr
- MailChimp – https://blog.mailchimp.com/tag/gdpr/
- Freshdesk – https://www.freshworks.com/privacy/gdpr/company/
- Zapier – https://zapier.com/help/gdpr/
- Heroku – https://devcenter.heroku.com/articles/gdpr
- Slack – https://slack.com/intl/en-se/gdpr
- Elastic – https://www.elastic.co/gdpr
- MongoDB – https://www.mongodb.com/legal/privacy-policy
- Google Cloud – https://www.cloud.google.com/security/gdpr
- Hotjar – https://www.hotjar.com/legal/compliance/gdpr-commitment/
- Google Analytics – https://privacy.google.com/businesses/compliance/