General Data Protection Regulations and Dinehome

The General Data Protection Regulation (GDPR), creates consistent data protection rules across Europe. It applies to companies that are based in the EU and global companies that process personal data about individuals in the EU.

Updated: 26 December 2018

WE STORE DATA IN AN ORGANIZED FASHION

We can easily access your personal data in an organised way.

If you participated in the Dinehome experience we have these personal data about you:

If you are a student:
    - Name and surname
     - Birth date
     - Gender
     - Nationality
     - KYC info
     - Personal email
     - WhatsApp number
     - University

If you are a family:
     - Name and surname
     - Birth date
     - Gender
     - Nationality
     - KYC info
     - Personal email
     - WhatsApp number
     - Address

-> We don’t ask or store any sensitive data about you.
-> Only the two founders have complete access to these contents.

Privacy Shield
Our database is running and stored on Airtable servers that are located in the US, in data centres that are SOC 1, SOC 2 and ISO 27001 certified. As in this case, any transfers of personal data outside of the EEA must meet specific legal requirements, and Airtable is certified under the Privacy Shield framework. You can see additional information about the security of our database here. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/

If you subscribed to our newsletter:
Our mailing lists are running and managed on Mailchimp servers. Learn more about its security.
Also, you can have a look at the Mailchimp Privacy Shield certification here.

WE ENCRYPT YOUR DATA AND WE TAKE NECESSARY SAFETY MEASURES

Your data is securely collected using our beautiful Typerform modules. TLS is used to secure all data in transit.
Find out more about TLS here.

Typefrom is fully GDPR compliant and it is certified under the Privacy Shield framework. You can have a look at Typeform's GDPR compliance here. All Typeform data is hosted on Amazon’s AWS service. Their central servers are located in Virginia, the USA and backup servers are located in Frankfurt, Germany. You can read more about AWS here.

Airtable's data is encrypted both when it is sent to and from our servers, as well as when it is at rest. To protect your content in transit, Airtable uses 256-bit SSL/TLS encryption. At rest, Airtable content is protected using 256-bit AES encryption.
The 256-bit SSL, TLS, and AES encryption standards are the same levels of encryption as used by banks.

Each endpoint (notebook, workstation, tablet e mobile devices) is secured with strong passwords and has an updated security solution. All the data on each endpoint are securely encrypted. If the devices are lost we are able to remotely wipe the contents using Apple’s “find my Mac” service.  

All transfers of data between Typeform - Airtable - Mailchimp is made with Zapier.
Learn more about Zapier’s data privacy here.

WE DON’T HOLD ONTO DATA UNNECESSARILY

If we don’t actively use or planning to use your data in the future, we will delete it within two years while your Google Analytics data are stored for only 50 months.

WE HAVE A VERY CLEAR PRIVACY POLICY

We will use your personal data to help us find the best match for you and we will only use your personal information to administer your account and to provide the free services you have requested from us.
Have a look at our complete privacy policy here.

RIGHT TO ACCESS

If someone requests to see what type of data has been collected from them, we will respond within one month and free of charge.

You have the right to ask us to see what type of data has been collected from you. You can do it by completing this form. To access the form you need to type this password: dinehome.

RIGHT TO BE FORGOTTEN

If someone asks us to delete the data we’ve collected on them, we will remove them.

You have the right to ask us the deletion of your data from our database. You can do it by completing this form.
To access the form you need to type this password: dinehome.

BREACH NOTIFICATION

Under the GDPR, breach notification is mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. When a security breach threatens the rights and privacy of a data subject or subjects, we will:

     - Notify authorities within 72 hours of first having become aware of the breach.
     - Describe the consequences of the breach.
     - Communicate the breach directly to all affected subjects.

Contacting us

If you have any questions about GDPR and Dinehome, please contact us.