GDPR Compliance


Last updated: 25.05.2017


Pepzen Ltd. ("Pepzen") is committed to providing its customers full transparency and control over their users personal data, empowering them in their pathway to GDPR compliance. We also updated our Privacy Policy with the "3. Rights under GDPR" section, and we updated our Cookie Policy as well.

What is GDPR and how does it affect Pepzen's website and application users and customers ("Customers")?



On May 25, 2018, The European Union begins to enforce a new data privacy law called the General Data Protection Regulation (GDPR) replacing the previous Data Protection Directive. A primary aim of the GDPR is to provide people in the EU greater control over their personal data and data which is collected about them.

Any company that collects (or processes on behalf of the company that collects) personal data of persons in the EU falls under the scope of the GDPR, even if the company has no physical presence in the European Union. This means that most businesses with a global or online presence, including Customers are affected.

If you are using the Pepzen’s website at www.pepzen.com or any other Pepzen tool or service, including those accessible through websites maintained, in whole or in part, by Pepzen, or through mobile devices, applications or software (collectively, the “Applications“), Pepzen is considered a Data Controller and a Data Processor too. A Data Controller is the entity that determines the purposes, conditions and means of the processing of personal data. If you have an agreement with Pepzen to host your website or application, or support them, Pepzen is considered a Data Processor. Customers are Data Controllers. Pepzen has a Data Processing Agreement ("DPA") in place with their Customers subject to web hosting services.

Is Pepzen using third-parties to process data?

Pepzen, just like any other business, currently uses third-party Sub Processors to provide various business functions like web hosting, web or application analytics, cloud infrastructure, email notifications, and customer support. The list of our Sub Processors: Heroku Services, Amazon Web Services, SendGrid Email delivery Service, CloudKit. Pepzen stores data in cloud by these Sub Processor in EU Region, mostly in Ireland.

Processor and each Processor Affiliate may continue to use those Sub Processors already engaged by Processor or any Processor Affiliate as of the date of the Pepzen's DPA. It is acknowledged and agreed that as of the date of the Pepzen's DPA Processor uses Heroku Services, Amazon Web Services, SendGrid Email delivery Service and CloudKit services as Sub Processors for the purpose of cloud hosting services, which use is subject to the respective their applicable guidelines.

What is Pepzen Data Usage Policy? What are my rights?

Our Privacy Policy explains how personal information is collected, used and disclosed by Pepzen Ltd. with respect to the user access and use of the Pepzen’s website at www.pepzen.com or any other Pepzen tool or service, including those accessible through websites maintained, in whole or in part, by Pepzen, or through mobile devices, applications or software (collectively, the “Applications“) so you can make an informed decision about using Applications. In your Privacy Poliy under +. Rights under GDPR section, you can find your Rights, as Right to Restrict Processing, Right of Access (Access to Information), Right to Erasure (Also known as the right to be forgotten), Right to Rectification or Right to Object, and how you can live with them.

Further information

For further information about GDPR (General Data Protection regulation), please see https://ec.europa.eu/info/law/law-topic/data-protection_en
If you have any questions regarding privacy while using Applications, or have questions about our practices, please contact us via email at hello@pepzen.com