GDPR Compliance
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European data protection law that took effect on 25 May 2018. It gives EU residents greater control over their personal information and harmonises data protection rules across the EU. Under the GDPR, organisations must process personal data fairly and lawfully, enable individuals to exercise their rights including access, rectification and deletion, and implement appropriate security measures. In the UK, equivalent requirements apply under the UK GDPR.
Who does the GDPR apply to?
The GDPR applies to:
- Any organisation or person based in the EU, and
- Any organisation outside the EU that processes the personal data of people in the EU.
Personal data means any information about a living person who can be identified, directly or indirectly. This includes obvious details like a name or email address, and indirect identifiers like an IP address.
Is Forminit GDPR-compliant?
Yes. Forminit is based in London (UK) and complies with the UK GDPR and the GDPR framework.
Here's what we do:
- Our Privacy Policy explains what data we collect, how long we keep it, where it may be transferred, and your data protection rights.
- EU hosting & encryption. All Forminit form data is encrypted in transit and at rest and stored in EU data centres. Our application and data servers run on AWS EU regions. AWS holds certifications such as SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017 (Cloud Security), ISO 27018 (Cloud Privacy), PCI DSS v3.2, and HIPAA, audited by third parties.
- You have full control over the information you collect, store and manage with Forminit.
- A DPA is available on request.
For details, please see our Privacy Policy.
Do you have a Data Processing Agreement?
By creating a Forminit account and accepting our Terms and Conditions, professional users also agree, on behalf of their company, to our Data Processing Agreement and agree to be bound by it.
How we use your personal data?
For information you give us to use the service (e.g., registration details), Forminit acts as the data controller.
We do not sell your personal data, use it for marketing, or serve advertisements.
We share your data only with trusted service providers who help us run Forminit. Those providers are required to comply with the UK GDPR/ the EU GDPR framework.
Subprocessors
We use the following service providers, each of which has confirmed its commitment to GDPR compliance:
| Service Provider | Service | Location | GDPR Compliance |
|---|---|---|---|
| Amazon Web Services (AWS) | Hosting and Storage | EU | Link |
| CleanTalk | Spam Protection | EU | Link |
| Fathom Analytics | Analytics | EU | Link |
| Pusher | Real-Time WebSocket Communication | EU | Link |
| Laravel Nightwatch | Application Monitoring and Error Tracking | EU | Link |
| Stripe | Payment Processing | EU | Link |
| Typesense | Search and Indexing Infrastructure | EU | Link |