The General Data Protection Regulation (GDPR) aims to improve the security of personal information and sets clear standards for how companies should handle, use, and store personal data belonging to EU citizens. While our HQ is based in New Zealand, StarNow has many members based in Europe (and all around the globe!), so we've been taking steps to update our privacy processes and become GDPR compliant.
We've been working with legal advisors to review data protection, privacy, and security at StarNow.
This review has shown that our security measures and processes are already very good, but we're making a few changes to ensure we meet the new standards set by GDPR. These include:
- making changes to our internal documentation and policies
- updating our procedures for handling, using, and storing data
- restricting the amount of personal member data that our employees can access
- reviewing our site security
Although the GDPR only applies to citizens of the EU, all StarNow members will benefit from the increased level of security and privacy that we have put in place.
We run the StarNow website over SSL/TLS to securely encrypt any information exchanged between our servers and our members' browsers. We don't store full credit card numbers in our database, and we fully salt and hash user passwords.
We also have a number of layers of physical security between our databases and the Internet, and are always reviewing security and access practices to make improvements where we can.
All StarNow employees have been trained on privacy, and we endeavour to always handle data in a responsible way.
We don't access member's personal information unless it's related to a task needed to provide our service to you (for example verifying and approving a listing, investigating a complaint, or approving headshots).
We also don't share member information with any third parties unless they are required as a part of providing our service (for example: using Rackspace and Microsoft Azure for web hosting services), or unless we are required to disclose it under the law.
You can change and update your email settings and privacy options at any time from your account settings page.
The GDPR sets out clear rights for individuals regarding their personal data.
- Right to be forgotten: You can ask us to remove your account at any time, and we will delete your personal information. Please note that due to Trust & Safety reasons we may need to retain some personal data from your account (we will store this securely in ‘cold storage’).
- Right to object: If you object to any of your personal information being processed by StarNow, you can delete this information from your profile at any time.
- Right to rectification: You can access your StarNow account settings at any time to correct or complete your personal information.
- Opting out: You can opt-out of us using your personal information for marketing our services to you by unsubscribing or changing your email settings from the bottom of any email.
- Withdrawing consent: You can withdraw your consent for us processing your personal information, but if you do, we may not be able to provide the StarNow services to you.
- Right of portability: At your request, we will export your account data and send this to you.
- Remember to keep your password safe!
- Don't give personal information to anyone you don't trust - you can use the StarNow messaging system to contact other people (we monitor messages for inappropriate content)
- Check out our online Trust & Safety tips
- If you run a business and think GDPR may apply to you, or you are interested in learning more, visit https://www.eugdpr.org/.