What does Mass Dynamics do to comply with the GDPR (General Data Protection Regulation)?

The GDPR is Europe’s regulation for data protection and privacy.

In the language of GDPR, Mass Dynamics positions itself as a Data Processor for our customers, who are either controllers or processors. Mass Dynamics follows the instructions of the customer in the management of their data.

Mass Dynamics is committed to ensuring compliance with the GDPR and has completed an internal audit and impact assessment using the official EU checklist to assess our GDPR practices.

Below is a plain-English description of how we comply with the GDPR. If you have specific questions, you can send an email to privacy@massdynamics.com.

SECTION 1: Lawful basis and transparency

GDPR Checklist Item Mass Dynamics Response
1. Conduct an information audit to determine what information you process and who has access to it.

An audit and impact assessment has been completed. This table outlines the results, and includes more about the information Mass Dynamics processes and who has access to it.

2. Have a legal justification for your data processing activities.

Mass Dynamics is a processor for the purposes of processing proteomics data in strict adherence to legal standards, privacy and security. Our clients, agreeing to our Terms of Use, entrust us with their data, which we handle with confidentiality and integrity.

3. Provide clear information about your data processing and legal justification in your privacy policy.

More information about Mass Dynamics' data processing and legal justification can be found in our Privacy Policy.


SECTION 2: Data Security

GDPR Checklist Item Mass Dynamics response
4. Take data protection into account at all times, from the moment you begin developing a product to each time you process data.

Data Protection in Our Product Development:

From Start to Finish: In every phase of product development, from initial concept to final delivery, we embed data protection principles, ensuring safety and integrity in every process.

Continuous Vigilance: Our methods, including rigorous quality assurance, automated testing, and secure development practices, are designed to prioritize data protection at every step, including every instance of data processing.

5. Encrypt, pseudonymize, or anonymize personal data wherever possible.

Mass Dynamics collects personal data as outlined in the "Personal Information" section of our Privacy Policy.

6. Create an internal security policy for your team members, and build awareness about data protection.

Mass Dynamics maintains a robust internal security policy and trains our team members to cultivate a strong awareness and proactive approach towards data protection in all aspects of our work.

We are in the process of building a publicly available Data Processing Addendum to further showcase our approach and commitment to Data Protection.

7. Know when to conduct a data protection impact assessment, and have a process in place to carry it out.

Mass Dynamics conducts a Data Protection Impact Assessment whenever initiating new data processing activities or making significant changes to existing ones, ensuring we have a systematic process in place to identify and minimize any risks to our customers' personal data, in alignment with GDPR guidelines and recommendations.

8. Have a process in place to notify the authorities and your data subjects in the event of a data breach.

Mass Dynamics has a Data Breach Response Plan.

In summary, in the event of a suspected data breach, our protocol involves swiftly assessing the situation to determine the likelihood of serious harm, which would necessitate notifying the relevant authorities and impacted data subjects. Our response also includes immediate actions to mitigate and prevent further loss, and is managed by our designated response team. 


SECTION 3: Accountability and Governance

GDPR Checklist Item Mass Dynamics response
9. Designate someone responsible for ensuring GDPR compliance across your organization.

Our Technical Product Lead Aaron Triantafyllidis is responsible for ensuring GDPR compliance across Mass Dynamics.

10. Sign a data processing agreement between your organization and any third parties that process personal data on your behalf.

Mass Dynamics uses the following third parties and has signed agreements bound by their respective Terms of Use. Hyperlinks are connected so each provider's data processing guidelines can be reviewed: HubSpot, SendGrid, AWS, Slack, Trello, Miro, Google, Stripe.

11. If your organization is outside the EU, appoint a representative within one of the EU member states.

Mass Dynamics is in the process of appointing a representative within one of the EU member states.

12. Appoint a Data Protection Officer (if necessary).

Our Technical Product Lead Aaron Triantafyllidis is our Data Protection Officer.


SECTION 4: Privacy Rights

GDPR Checklist Item Mass Dynamics response
13. It’s easy for your customers to request and receive all the information you have about them.

Mass Dynamics makes it easy for our customers to request and receive all the information we have about them.

Requests can be addressed to privacy@massdynamics.com

14. It’s easy for your customers to correct or update inaccurate or incomplete information.

Mass Dynamics makes it easy for our customers to correct or update inaccurate or incomplete information. There are two ways:

1. Log in to Mass Dynamics and select Account Details -> Edit Account
2. Send corrections or updates to privacy@massdynamics.com

15. It’s easy for your customers to request to have their personal data deleted. 

Mass Dynamics makes it easy for our customers to delete personal data. There are two ways:

1. Log in to Mass Dynamics and select Account Details -> Delete Account
2. Send deletion requests to privacy@massdynamics.com

16. It’s easy for your customers to ask you to stop processing their data.

Mass Dynamics can stop processing customer data on request. 

There are two ways:

1. Log in to Mass Dynamics and select Account Details -> Delete Account
2. Send a request to support@massdynamics.com

17. It’s easy for your customers to receive a copy of their personal data in a format that can be easily transferred to another company.

Mass Dynamics makes it easy for our customers to receive a copy of their personal data.

Requests can be addressed to privacy@massdynamics.com

18. It’s easy for your customers to object to you processing their data.

Mass Dynamics makes it easy for our customers to object to the processing of their personal data.

Requests can be addressed to privacy@massdynamics.com

19. If you make decisions about people based on automated processes, you have a procedure to protect their rights.

Mass Dynamics does not make decisions about people based on automated processes.