Skip to content

GDPR Overview

Streethawk is committed to privacy and user rights. Leading up to the implementation of the GDPR, we’ve worked hard building features that give our customers control of the data that is stored on the Streethawk and Pointzi platforms. All customers have access and are impacted by these changes, regardless of whether the GDPR specifically impacts you. If you have customers in the EU, its likely you are impacted, this page is informational only. We built this page to outline some of the key GDPR principles and terms and present how they apply to your use of Streethawk products and services (for brevity the document will just refer to “Streethawk” to mean all products). Please review this carefully and share it with your privacy team with the legal documents listed below.

Disclaimer: EU data protection laws, including the GDPR, are complex. This guide should not be considered legal advice. Please consult a legal professional for details on how the GDPR impacts your business.

General Data Protection Regulation (GDPR)

The GDPR is a unified regulation that is designed to harmonize data privacy laws throughout Europe. This new regulation offers citizens in the European Union (EU) greater transparency and controls over how their personal data is used by others. With the GDPR, we’ve updated our privacy policy to ensure that any business that requires a GDPR-compliant processor can use Streethawk. We have an updated our privacy policy and we will be updating other legal documentation before the GDPR goes into full enforcement on May 25, 2018.

Controllers and Processors

There are two key relationships that are defined in the GDPR. As a customer of Streethawk, you operate as the controller when using our products and services. You have the responsibility for ensuring that the personal data you are collecting is being processed in a lawful manner as described above and that you are using processors, such as Streethawk, that are committed to handling the data in a compliant manner. Streethawk is considered a processor. We act on the instructions of the controller (you), which come in the form of API or Dashboard user requests. Similar to controllers, processors are expected to enumerate how they handle personal data, which we have outlined in this document and the legal documents listed below. As a processor, we rely on our customer to ensure that there is a lawful basis for processing. Processors may leverage other third-parties in the processing of personal data. These entities are commonly referred to as sub-processors. For example, Streethawk leverages cloud infrastructure providers like Amazon Web Services, Mailgun (if you use us for email delivery), Twilio Rackspace (if you use us for SMS Text Message delivery), and Softlayer to host Streethawk.

How Streethawk Uses Personal Data

Streethawk believes in being fully transparent in how we handle and process personal data. We keep data as long as it is necessary to provide our services. Where possible, we employ mechanisms that allow us to automatically remove data after it is no longer needed to offer our services.

Push Notification Title and Body – Because the dashboard allows customisation by the App Owner (“controller”), its possible that personal information be contained in there and retained. This is not a common practice but the usage of data such as “first name” may be possible and be by the controller.

Feed Title and Body – Similar consideration to Push Notification content should be considered by the controller.

Email Message Bodies – Streethawk is in the process of reducing our storage of email messages. Because we use Mailgun to deliver emails and our customers have established direct accounts with Mailgun, you should check their handling of GDPR. To get status on the current implementation, please contact the Privacy Officer.

SMS Messages – Streethawk is in the process of reducing our storage of SMS messages. Because we use Twilio to deliver SMS and our customers have established direct accounts with Twilio, you should check their handling of GDPR. To get status on the current implementation, please contact the Privacy Officer. Finally, our staff may data to aid customers in a customer support capacity. Access to customer apps is limited and all employees are subject to our confidentiality provisions.

Data Subject Rights

As part of the GDPR, EU data subjects have certain rights to have their personal data removed, corrected, and exported. Please refer to our Privacy Policy for how controllers can act on behalf of their end-users for the stated rights. Unless otherwise required by law, in the event that Streethawk receives any type of request from a data subject, we will engage the respective customer within seven days to respond to the data subject request, completion of an eligible request is stated in the Privacy Policy.

Privacy Policy

Both Pointzi and StreetHawk platforms share the same privacy policy. It can be found at here. If you have questions, please contact our Privacy Officer at this address.