--- title: "GDPR | ClonePartner" description: ClonePartner GDPR information. slug: gdpr canonical: "https://clonepartner.com/gdpr/" --- # GDPR **Background **On May 25 2018, the European Union (EU) began enforcing the General Data Protection Regulation (GDPR). After Brexit, the United Kingdom adopted the UK GDPR. Together, these regulations harmonize data-protection rules across the EU and UK and give individuals stronger, more consistent rights over their personal information. **Our Commitment **Yin Yang Inc. (“we”, “us”, “our”, **ClonePartner**) takes data-privacy and security obligations seriously. We continuously review our operations to keep every aspect of the **clonepartner.com** platform and our associated services—including bespoke data migrations, custom integrations, automated backup and recovery, continuous data sync, and implementation-partner engagements—aligned with GDPR requirements. ### **1\. Controller and Processor Roles** - **Data Controller**: For any personal information submitted directly on **clonepartner.com** (e.g., contact forms, demo requests, job applications), ClonePartner determines the purposes and means of processing. - **Data Processor**: When customers use our Services and supply personal information about their end-users, we process that data strictly on their documented instructions. ### **2\. Risk Assessment** We conduct organization-wide information-discovery exercises to identify: - what personal data we hold, - where it originates, - how and why we process it, and - with whom it is shared. Findings drive continual improvements to our technical and organizational safeguards. ### **3\. Data-Subject Consent** - **Website visitors** must affirmatively consent to our Privacy Policy and Cookie Policy before we collect or process their personal data. - Users can exercise GDPR rights—access, rectification, erasure, restriction, objection, and portability—by contacting **legal@clonepartner.com**. ### **4\. Contracts with Sub-processors** When acting as a Controller, we execute GDPR-compliant data-processing agreements with every sub-processor, ensuring they handle personal data only under our instructions and with robust security controls. As a Processor, we adopt the safeguards and follow the instructions defined in each customer’s data-processing addendum. ### **5\. International Data Transfers** We rely on: - the EU Standard Contractual Clauses (SCCs) and - the UK International Data Transfer Addendum (ITDA) to provide a lawful basis for any transfer of personal data outside the EU or UK. ### **6\. Data Retention & Erasure** ClonePartner’s internal Data-Protection Compliance Policy embeds the GDPR principles of **data minimization** and **storage limitation**. Personal data is retained only as long as necessary for its stated purpose, after which it is securely deleted or anonymised. ### **7\. Article 30 Record-Keeping** We maintain detailed records of all personal-data processing activities—both as Controller and as Processor—in line with Article 30(1) and 30(2) requirements. ### **8\. Breach Response** Robust preventive measures reduce the likelihood of a data breach. Should a breach occur, we will: 1. Contain and investigate the incident immediately. 2. Notify affected customers and the relevant supervisory authority without undue delay, following GDPR timelines. 3. Provide timely updates and remediation actions to all stakeholders. ### **9\. Ongoing Compliance** We review policies, contracts, and security controls regularly, train staff on data-protection best practices, and audit sub-processors to ensure continued adherence to GDPR standards. **Questions? **For any GDPR-related inquiry, reach us at **legal@clonepartner.com**. ClonePartner remains committed to safeguarding personal data and upholding every right granted under the GDPR.