top of page


Nothing to us is more important than the success of our customers and the protection of their personal data. With customers in many countries worldwide, we adhere to the General Data Protection Regulation (GDPR). The GDPR expands the privacy rights granted to European individuals and requires certain companies that process the personal data of European individuals to comply with a new set of regulations. In particular, the GDPR may apply to companies that process the personal data of European individuals and have a presence in the EU (e.g. offices or establishments) and to companies that do not have any presence in the EU but target the European market (e.g. by offering goods or services to the European market) or monitor the behavior of European individuals. We’re here to help our customers in their efforts to comply with the GDPR.

What is GDPR?

In 2016, the European Union (EU) approved a new privacy regulation called the General Data Protection Regulation commonly known as the GDPR. It’s a mandatory ruling that applies to all companies that collect the data and information of EU individuals and meet certain territorial requirements. The GDPR is designed to strengthen the security and protection of personal data in the EU, as well as provide businesses with a structured framework on how to collect, process, use, and share personal data. Under the GDPR, the concept of “personal data” is very broad, and covers almost any information relating to a specific individual.

When are these regulations starting to be enforced?
All companies collecting or processing the personal data of EU individuals must be GDPR compliant by May 25, 2018. 

Controllers and Processors
The GDPR defines and distinguishes between two types of parties and responsibilities when it comes to collecting and processing personal data: data controllers and data processors. A data controller determines the purposes and ways that personal data is processed, while a data processor is a party that process data on behalf of the controller. That means that the controller could be any company or organization. A processor could be a SaaS, IT or other company that is actually processing the data on behalf of the controller. VIRTUE Clan is the Data Controller. Not the Data Processor. We use services like SuperOffice & PassPack to process sensitive data. This information and access to these third-party services is shared only with authorised team members. The controller (VIRTUE Clan) is responsible to make sure that all processors with whom it deals will be GDPR compliant and the processors themselves must keep records of their processing activities. 

VIRTUE Clan relies on GDPR approved data processors like to process and store schedules & tasks regarding clients. This data includes campaign information, promotion progress, tasks related to the client and other files related to profiles or upcoming releases. This means that this customer's data is stored on Amazon Servers (AWS) in the US. AWS services comply with the GDPR. You can learn more about Amazon and the GDPR here.

Does the GDPR prevent a company from storing data outside of the EU?
Nothing in the GDPR prevents businesses from storing data outside of the EU, provided that the data processors adhere to the necessary regulations and protections. At, we store our data with Amazon Web Service (AWS), which is based in the US. Like, AWS has announced that it is GDPR ready.

Where can I learn more about GDPR?
Additional information is available on the official GDPR website of the European Union.

I have more questions. Who should I contact?
If you have any additional questions about the GDPR you are welcome to contact VIRTUE Live Support at:

bottom of page