One last privacy policy update, in a post-GDPR world

By David Kramaley / In Chessable news

We are now living in a post-GDPR world. By now, you must have noticed some of your favourite sites (including Chessable) showing you “proper” consent notices, adding cookie banners and whatnot.

Today’s blog post is to summarise what we have done to be compliant with the GDPR. Plus, we wanted to let you know that, having concluded this work promptly, we can now kick off June with a bang.

We are free to focus on site improvements, fixes, and cool stuff.

Now, I’d like to summarise what we have done to look out for your privacy.

The latest update is to the privacy policy. Today we released a list of our “service providers”. Here you can inspect all the companies who help us provide you with our Service, from support to web hosting, from e-mailing you the latest deals to showing you a “like” button. It’s all transparent.

During May, we’ve emailed you a few times to ask for “re-consent”. Basically, we wanted to know if you wanted to keep hearing from us. If you said no, and you are in the EU, you will no longer hear from us. This is the case unless we have a legal requirement to contact you, for instance, a privacy policy update or you’ve made a purchase. Our active users based in the USA will remain unaffected by this change.

During the last few months, we also underwent many GDPR-oriented activities, from staff training to creating documents specifying processes, and more. After reading the regulation, and discussing with lawyers, we engaged in a comprehensive 100+ step checklist to make sure we complied with the GDPR. Once done, we generated a 34-page PDF report highlighting our commitment to cover all bases to protect your privacy.

We also created a Data Map, analysing all the data we collect from users and staff, and what we use it for. We’ve minimised and deleted any unnecessary data. We only collect the bare minimum, as you will know from when you signed up, which you can do with just your e-mail and a pseudonym.

Furthermore, we’ve made sure any data we share with third parties (e.g. collecting a payment) is restricted to the bare minimum too. We’ve made sure data is anonymous where it’s unnecessary to share the full data, for instance, with our video streaming provider.

We’ve signed Data Processing Agreements with all of our service providers, legal contracts that ensure they look out for any data they have by complying with the full GDPR regulations.

That’s not all: in the last few months we’ve undertaken an excellently-rated, third-party static code analysis to make sure our software is as protected against cyber attacks as possible.

We’ve also taken active preventive measures by planning to undergo a penetration test with a top security company shortly. And of course, we checked in with our web hosting team and their system admins to make sure our backups, our firewalls, and our servers are in top health and ready to continue serving you in a safe and reliable manner for the exciting future ahead.

Most of the changes outlined in these paragraphs apply to all of our users, not just those from the EU. So you can rest assured that any data we may receive from you is being looked after to the full extent of our ability.

Now, privacy ensured, back to the fun world of developing useful chess learning features. See you around the site!

About David Kramaley

David is Chessable's CEO and Chief Scientist. He finished his dissertation on expertise and expert performance as part of an MSc in Psychology of Education (BPS) at the University of Bristol, and also holds a PGCert in Applied Psychology from the University of Liverpool. David's chess rating is around 1,850 FIDE.