GDPR & Tally

This page does not serve as legal advice. Please determine together with your legal advisor how GDPR applies to your business.

 

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union (EU) privacy law that allows EU citizens and residents to have access and control over their personal data.
Does it affect you?
If your business is based in the European Union (EU), or you process the personal data of individuals in the EU, the General Data Protection Regulation (GDPR) affects you.

Is Tally GDPR Compliant?

Tally is based in Belgium (EU) and complies with the GDPR framework.
The measures we took
  • Our privacy policy gives you more information about what data we collect, data retention and transfers, and outlines your data protection rights.
  • All Tally form data is encrypted both in transit and at rest, and stored in Belgium (EU)
  • Data accessibility: you have full control of the information you collect, store and manage with Tally.
  • We have a Data Processing Agreement available for you. Email us at [email protected] and will send it over.
    • We can not modify or sign additional DPAs.
      Instead, we've put significant effort into creating a standardized DPA that aligns with the regulations and protects all parties involved.

What happens with form data?

Tally is the provider of a form service, and not the owner of the collected form responses.
The form creator is responsible for the data he/she collects
... and is thus data controller of the respondent data. Tally is the processor and stores information on behalf of the form creators. As long as your account is active you (as the form creator) have full control over the data you collect, and the time period for which you store the data.
You are able to delete or export form responses from your account if it would be required to do so. We honor all deletions, and all form data which has been deleted by you is permanently deleted from our back-ups within 90 days.
 

How do you use my personal data?

Tally acts as a data controller in the relationship between Tally and our customers (form creators), for the personal information you give us in order to use our service (registration information for example). Tally does not sell personal data to third parties or use it for marketing purposes or for serving advertisements.
We only share your information with our service providers who help us operate our business, in which case those third parties are required to comply with the GDPR framework.
Our subprocessors
Software
Use
Location
GDPR Compliance
Sendgrid
Email
🇺🇸
Google Cloud
Hosting
🇧🇪
Stripe
Payments
🇺🇸
Mixpanel (not used to track Tally forms)
Analytics
🇺🇸
Cloudflare R2
Hosting file uploads and form images
🇪🇺
 

How do I make sure my Tally form is GDPR compliant?

There's several things to consider when collecting personal information (name, email, phone, etc.) with your form.