If you give us personal information about someone else, please make sure you have their permission and please make them aware of this Privacy Statement as it also applies to them.
We ask for your name and email address when you signup to our service. This is our primary mechanism to identify you when you log in.
For the purposes of providing you with a compliant receipt for your Fees payments, we may also collect your address.
We take great care to keep your personal information safe, starting with our cloud infrastructure provider which is Amazon Web Services. Their computers that are housed in secure data centres with heavily restricted access with numerous levels of security to prevent unauthorised access to those servers including firewalls and passwords.
Email is a vital part of Frontend Robot, emails are used to notify users about failing tests and other important events. We also use email to send occasional alerts, reminders and newsletters in relation to Frontend Robot and how you, all these emails contain a link that allows a user to opt out of further communication with a single click.
The primary use of the data we collect is to provide the service of Frontend Robot.
To help us deliver Frontend Robot we use various 3rd party apps. We asses all these apps to ensure our continued compliance with our obligations to Users, Clients, and data processing regulations such as GDPR, and to ensure your data remains in safe hands.
We list those apps and 3rd party data processors here:
Slack Inc. We primarily use Slack for internal electronic communications. It’s entirely possible that at times these discussions will be about clients and particular situations they need assistance with, and in that regard data will be shared. Slack store their Data in USA Data Centres and have certified with EU-US Privacy Shield. Our relationship is governed by their Terms of Service and a GDPR compliant Data Processing Addendum.
Stripe Inc. We process debit and credit card payments using Stripe Payments Europe Limited, a worldwide payments provider. The main capture is through their european subsidiary based in Ireland, but some of the data is passed to Stripe Inc. the parent company in the USA. For this transfer to be lawful they employ the European Commission’s Standard Contractual Clauses (“Model Clauses”) to allow for the lawful transfer of such data under the EU Data Directive.
Our policy is to provide our customers with control over retention and destruction of their data. Individual users of Frontend Robot can be deleted anytime as well as entire customer accounts. Deletion is instant and irrecoverable. Any data stored on backups will be deleted entirely within 30 days.
We don’t, and never will sell or rent your information to any 3rd party.
A number of common questions have arisen in regard to GDPR which we’ll try to answer here:
Where is the data stored? Data is stored in the Amazon Web Services cloud platform. At the time of writing this is their sites of North Virginia, US.
Is Data encrypted? Data is transferred to Frontend Robot using HTTPS and encrypted at rest.
How do we delete data? You can delete individual users and all their data from Frontend Robot within the app itself. You can also cancel and delete your entire account by contacting our support team.
Which sub processors do you use? This is covered in more depth in the list of 3rd Party Apps we use here.
Do you have a specific data processing agreement? We don’t have a separate data processing agreement, the specific terms required under Article 28 of the GDPR Act are included in the main Terms and Conditions.
Who is your Data Processing Officer? Frontend Robot isn’t required to have a GDPR Officer. GDPR only requires an officer if the organisation is a public body, conducts large scale systematic monitoring of individuals such as behaviour tracking, or tracks special categories of data such as health.
Can you sign our GDPR / Data Processing Agreement? Unfortunately we can’t sign agreements with individual clients sorry. Being a small dynamic company, it would be pretty much impossible for us to manage separate legal agreements with each client - hence why you’ll find all the GDPR requirements taken care of in our standard Terms and Conditions.
We recognise our obligations in assisting customers with regard to data subject access requests.
If you are a Data Subject, Subject Access requests should be sent direct to your employer (the data controller), who in turn will seek assistance from us, Var7 Technologies Ltd (as data processor) in complying with that request. So please contact your employer directly.
If you represent an organisation using Frontend Robot, access to your data is provided via the web and mobile applications. Both you and your users can login and see relevant user data.
The information you find from logging into Frontend Robot reports should be sufficient to allow you to complete the subject access request, but if you have any concerns then please contact support for further assistance.