General Data Protection Regulation (GDPR) <p> The General Data Protection Regulation (GDPR) is a regulation from the European Union (EU) that aims to harmonize data-protection legislation across EU member states by enhancing privacy rights for individuals.
It applies to organizations processing personal data that offer goods or services to individuals in the EU.
It also grants EU-based data subjects certain rights to control the data that organizations collect on them, and how organizations use that information.
<p> At Stack Overflow, we are committed to your privacy, whether you live in the EU, or outside of it.
This means we apply GDPR principles to all of our processes.
We believe in having appropriate systems to ensure compliance.
<p> Additionally, if you are purchasing Stack Overflow products or services, we want you to know that we take our responsibilities to protect the personal data of our community very seriously.
<p> Stack Overflow and Data Security </p>
<p> Stack Overflow is committed to security by design in our products and services.
Our Development and Security teams are hard at work to ensure we protect the data you entrust to us.
We base our systems on ISO 27001 principles.
<p> Information for Data Subjects </p>
<p> Stack Overflow users meet the GDPR definition of “data subjects.” The GDPR provides enhanced rights to individuals including the right to data portability and “the right to erasure, also known as the right to be forgotten, the right to restrict processing and the right to object.” You have the ability to exercise these rights via our data subject access rights page where you may submit a Request or by submitting a request to firstname.lastname@example.org.
And because we care about your privacy rights we make these access requests available to you whether you are in the EU or not.
<p> Stack Overflow now makes it easy for you to request any information we store on you, to understand how that information has been collected, and to know who we have shared your information with.
<p> Information for Data Controllers (Customers) </p>
<p> Our business customers are data controllers when they purchase certain of our products and services.
We act as processors on behalf of such Customers.
Customers who wish to provide personal information to Stack Overflow when using our products and services will be provided with Stack Overflow’s Data Processing Agreement (Stack Overflow as Data Processor) or Stack will otherwise enter into an appropriate Data Processing Agreement (DPA).
Our DPA covers what information we collect, how we treat that data when you use our products and services, and what obligations Stack Overflow assumes under Article 28 of the GDPR.
<p> We maintain lists of third party vendors who process personal information (sub processors) for each of our services here.
These lists are updated as alterations occur.
Please review them regularly to identify any changes we have made as we continually enhance our services.
<p> Stack Exchange, Inc.
will accept and offer EU approved model clauses (SCCs) as a valid transfer mechanism upon request.
<p> Information for Data Processors (Vendors) </p>
<p> In order to provide our products and services, we may engage third party vendors to provide services on our behalf.
Stack Overflow’s vendors meet the GDPR definition of “data processors.” Stack Overflow engages certain vendors to process information on our behalf.
In order to do so, we need to know that they (you) will help ensure the safety of our community.
<p> Additionally, vendors who process data on behalf of Stack Overflow have an obligation to report data breaches to us.
You may do so by contacting our Privacy Officer at: email@example.com.