pitchXO and the GDPR
Data Privacy Officer
Markus Stefanko
markus@pitchxo.com
RM 1201, 16/F Beverley Commercial Centre, Chatham Rd South, Tsim Sha Tsui, Kowloon, Hong Kong
As part of our ongoing efforts to protect the security and privacy of our users, we are working to meet or exceed the GDPR (General Data Protection Regulation). This site contains information on what steps we are taking, their progress, and who to contact for any security concerns. Please see our FAQ for more information.
Data Processing Addendum
If you need a signed DPA from pitchXO, please use the button below to cross sign and download your copy of our DPA.
Make A Data Request
We respect the rights of individuals to know how their data is being used, export it or request that it be deleted.
Data Processing Partners
We rely on a number of trusted 3rd parties to assist with our operations. Depending on the exact nature of your account and what you've requested we do, your data may be shared with one of these partners. We carefully evaluate each to make sure they're handling your personal data with the utmost of respect, security, and privacy.
| CDN Providers | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| BootstrapCDN |  |
IP Address | MaxCDN's Bootstrap CDN system. |
|
| CDN JS | |
IP Address | CloudFlare's CDN with popular javascript frameworks available. |
|
| CloudFront | |
IP Address | Amazon CloudFront is a web service for content delivery. It integrates with other Amazon Web Services to give developers and businesses an easy way to distribute content to end users with low latency, high data transfer speeds, and no commitments. |
|
| MaxCDN | |
IP Address | MaxCDN's Dynamic Site Acceleration optimizes content delivery and web applications by using edge locations. Previously known as NetDNA. |
|
| Twitter CDN | |
IP Address | This page contains content sourced from the Twitter CDN, either by the use of Widgets or linking to image content on twimg.com currently hosted by Akamai and Amazon. |
|
| Customer Support (Helpdesk) Services | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| Intercom | |
IP Address | Intercom is a customer relationship management and messaging tool for web app owners |
|
| Database Processors | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| Firebase by Google | |
All lead account information All dataroom information | Google Firebase is a secure Database Provider |
|
| Email Services | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| Mailchimp | |
Email Name | Mailchimp is a Newsletter service |
|
| Mailgun | |
Email Name Lead Information | Mailgun is a transactional email service provider. When we send emails from our system, we send them through Mailgun. |
|
| Error Reporting Services | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| TrackJS | |
IP Address | JavaScript error detection app for detecting JS errors on customer visits. |
|
| Hosting Providers | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| Amazon AWS |  |
Backups DNS Data Room Storage | Highly-scalable cloudsolutions |
|
| Google Cloud | |
IP Address | Website hosted on Google Cloud Platform. |
|
| Hetzner |  |
All Application Data | As a leading webhosting provider and experienced datacenter operator in Germany, Hetzner Online offers professional hosting solutions. |
|
| WPEngine | |
IP Address | WP Engine provides managed WordPress hosting for mission critical sites around the world. Enterprise class and optimized for WordPress. |
|
| Performance Monitoring Applications | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| mod_pagespeed | |
IP Address | mod_pagespeed is an open-source Apache module that automatically optimizes web pages and resources on them. |
|
| Services | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| Browser-Update | |
IP Address | A service that provides the opportunity to inform your visitors unobtrusively to switch to a newer browser. |
|
| DoubleClick.Net | |
IP Address | DoubleClick enables agencies, marketers and publishers to work together successfully and profit from their digital marketing investments. |
|
| Facebook Custom Audiences | |
IP Address | Custom Audiences from your website makes it possible to reach people who visit your website and deliver the right message to them on Facebook. |
|
| Facebook Domain Insights | |
IP Address | This website contains tracking information that allows admins to see Facebook Insights out of Facebook to this domain. |
|
| Facebook for Websites | |
IP Address | Allows a user to make a website more sociable and connected with integrations from the hugely popular Facebook website. |
|
| Facebook SDK | |
IP Address | JavaScript SDK enables you to access all of the features of the Graph API via JavaScript, and it provides a rich set of client-side functionality for authentication and sharing. It differs from Facebook Connect. |
|
| Facebook Signal | |
IP Address | Journalists use Signal to surface relevant trends, photos, videos and posts from Facebook and Instagram for use in their storytelling and reporting. |
|
|
IP Address | Site hosted on Google infrastructure. |
||
| Google Apps for Business | |
IP Address | Web-based email, calendar, and documents for teams. Renamed to Google Apps for Work, but now known as G Suite From Google Cloud. |
|
| Google Conversion Tracking | |
IP Address | This free tool in AdWords can show you what happens after customers click your ad (for example, whether they purchased your product, called from a mobile phone or downloaded your app). |
|
| Google Hosted Libraries | |
IP Address | Google Hosted Libraries is a globally available content distribution network for the most popular, open-source JavaScript libraries. |
|
| Google Maps | |
IP Address | Google maps embedded into the webpage. |
|
| Google Maps Engine | |
IP Address | Offering both a platform solution and professional application, Google Maps Engine enables a full spectrum of maps creation. |
|
| Google Remarketing | |
IP Address | Google code specifically for remarketing/retargeting based advertising. |
|
| Google Tag Manager | |
IP Address | Tag management that lets you add and update website tags without changes to underlying website code. |
|
| Google Universal Analytics | |
IP Address | The analytics.js JavaScript snippet is a new way to measure how users interact with your website. It is similar to the previous Google tracking code, ga.js, but offers more flexibility for developers to customize their implementations. |
|
| GStatic Google Static Content | |
IP Address | Google has off-loaded static content (Javascript/Images/CSS) to a different domain name in an effort to reduce bandwidth usage and increase network performance for the end user. |
|
| UserVoice | |
IP Address | A feedback tool for users to offer suggestions for improvements to the site |
|
| Web of Trust | |
IP Address | Internet Security Badge with Web of Trust |
|
| Third Party Web Font Services | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| Google Font API | |
IP Address | The Google Font API helps you add web fonts to any web page. |
|
| Typekit | |
IP Address | Typekit is the easiest way to use real fonts on the web. It's a subscription-based service for linking to high-quality Open Type fonts from some of the worlds best type foundries. |
|
| Video Services | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| Vimeo | |
IP Address | Vimeo is a video-sharing website in which users can upload, share and view videos. |
|
| Wistia | |
IP Address | Wistia is a video marketing, sales, and collaboration application. |
|
| Youtube | |
IP Address | YouTube is an American video-sharing website headquartered in San Bruno, California. |
|
| Web Analytics Services | ||||
|---|---|---|---|---|
| Partner | Locale | Data Shared | Purpose | |
| Google Analytics | |
IP Address | Google Analytics offers a host of compelling features and benefits for everyone from senior executives and advertising and marketing professionals to site owners and content developers. |
|
| Segment | |
IP Address Email Name | Segment gives you the ability to instrument your web app for analytics once, and then send your data to any number of analytics services. Previously known as Segment.io |
|
Compliance Tasks
GDPR Compliance requires maintenance and ongoing work. We are tracking our efforts here.
| Application Site Security | |
|---|---|
| Status | Name |
| Completed | Added External Javascript Files to Data Partners |
| Completed | Ensure Access to Backups is Restricted |
| Completed | Ensure Web Application Firewall enabled and blocking common attacks |
| Completed | Personal Data in File Storage is Encrypted |
| Completed | Establish Development Environment Data Handling Guidelines |
| Completed | Ensure Backups are Stored in on Encrypted File Storage |
| Completed | Ensure Database Backups of Personal Data are working |
| Completed | Personal Data in Databases is Encrypted |
| Completed | Restrict Personal Data at Signup to the Minimum Necessary |
| Completed | Inform Users about the GDPR Page |
| Completed | Registered with external Data Breach Domain Notification |
| Completed | Ensure internal employees and contractors behaviors around personal data are documented. |
| Data Mapping | |
|---|---|
| Status | Name |
| Completed | Add Exception/Error Reporting Services to Data Partners |
| Completed | Add Web Analytics Service to Data Partners |
| Completed | Add Third Party Web Font Services to Data Partners |
| Completed | Add Customer Support (Helpdesk) Service to Partners |
| Completed | Add Database Provider to Data Partner |
| Completed | Add Performance Monitoring Applications to Data Providers |
| Completed | Add CDN Provider to Data Partners |
| Completed | Add Transactional Email Service to Partners |
| Completed | Add Internal Email Service to Data Partners |
| Completed | Add Email Newsletter Service to Partners |
| Completed | Add Hosting Provider to Data Partners |
| Marketing Site Security | |
|---|---|
| Status | Name |
| Completed | Reviewed list of users with access to site |
| Completed | SSL (TLS) Deployed on Marketing Site |
| Privacy Procedures | |
|---|---|
| Status | Name |
| Completed | Get Management Approval for GDPR Efforts |
| Completed | Briefed all Staff on GDPR Impact to the organization |
| Completed | Data Protection Policy Created |
| Completed | Developed a Data Processing Agreement |
| Completed | Process established for subject data requests |
| Completed | Privacy Policy Updates |
| Completed | Procedure established to allow for people to request that inaccuracies in their data are fixed. |
| Completed | Nominate a Data Protection Lead or Data Protection |
| Completed | Informed all Employees and Contractors about GDPR Compliance |
| Security Procedures | |
|---|---|
| Status | Name |
| Completed | Publish statement on public website on how to report security and data issues. |
| Completed | Data Breach Notification Policy has been established |
Frequently Asked Questions
If you have any concerns not answered here, please reach out to our contact (listed above) and we'll be happy to assist.
What's the GDPR?
The General Data Protection Regulation (GDPR) is a new piece of privacy legislation enacted by the European Union. It represents a significant change in how personal (IP Addresses, Emails, Names) and sensitive (religion, ethnic origin, health, orientation) data is handled by companies.
How Do I Report a Security Issue?
We take all security reports seriously. Please email our security contact (information listed above) with any information you have regarding any potential data breaches, vulnerabilities or concerns.
Do Non EU Companies need to comply with the GDPR?
While it remains to be seen if the EU has the legislative power to levy fines and enforcement against organizations around the globe, GDPR compliance is being sought by non EU companies for a variety of reasons.
- Customers and Prospects are making it a requirement
- It's a solid framework for improving the handling of personal information and complying with the GDPR requirements improves our own security.