General Data Protection Regulation

This document extends our Terms and Conditions and Privacy Policy.

Your EU Privacy Rights

If you are accessing Coded from an EU member state, you have additional rights to choose how your data is collected, processed, stored, and used.

The General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR became enforceable on May 25, 2018, strengthens the security and protection of personal data in the EU and serves as a single piece of legislation for all of the EU. It replaced the EU Data Protection Directive and all the local laws relating to it.

Hummingbird supports the GDPR and all Hummingbird products and services comply with its provisions. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it has raised the bar for data protection, security and compliance in the industry.

How do we store your data?

Hummingbird securely stores your data at a SOC 2 Type II compliant datacenter in San Francisco, California, USA that is managed by DigitalOcean. We store your data using industry standard encryption methods. Additionally, your data is stored in an encrypted format at rest in a PCI-DSS compliant format. Hummingbird never stores your credit card information. DigitalOcean is certified in the international standard ISO/IEC 27001:2013. Their ISO/IEC 27001:2013 certificate can be viewed here.

Hummingbird will keep your account data for 90 days after your account deletion. Once this time period has expired, we will delete your data in a PCI-DSS compliant method.

Hummingbird undergoes annual security and data processing audits by Security Metrics, a third-party auditing firm. All credit card information is stored by Braintree, a PayPal company.

What are your data protection rights?

Hummingbird would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access You have the right to request Hummingbird for copies of your personal data. We may charge you a small fee for this service.

The right to rectification You have the right to request that Hummingbird correct any information you believe is inaccurate. You also have the right to request Hummingbird to complete information you believe is incomplete.

The right to erasure You have the right to request that Hummingbird erase your personal data, under certain conditions.

The right to restrict processing You have the right to request that Hummingbird restrict the processing of your personal data, under certain conditions.

The right to object to processing You have the right to object to Hummingbird's processing of your personal data, under certain conditions.

The right to data portability You have the right to request that Hummingbird transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Last updated