Compliance FAQs

Common questions asked regarding compliance at WebMaxy:


Payment Card Industry Data Security Standard

What is the Payment Card Industry Data Security Standard (PCI-DSS)?

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of industry-mandated requirements for any business that handles, processes, or stores credit card data, regardless of the business’s size or location.

Is WebMaxy Payment Card Industry Data Security Standard (PCI-DSS) compliant?

WebMaxy has completed a self-assessment process (SAQ-A) that permits us to accept card-not-present payments by fully outsourcing all cardholder data functions to our PCI-DSS compliant third-party vendor, Braintree, with no electronic storage, processing or transmission of any cardholder data on WebMaxy infrastructure.

Braintree’s environment meets the highest industry standards and guidelines: Level 1 PCI-DSS Compliance.

Is WebMaxy’s PCI-DSS Compliance Certificate publicly available?

Yes – WebMaxy holds a Certificate of PCI-DSS Merchant Compliance. You can view our certificate here.

EU-US Privacy Shield

What is the EU-US Privacy Shield Framework?

The Court of Justice of the European Union (CJEU) has struck down the EU-US Privacy Shield Framework. This means that data controllers in the European Union (EU) can no longer rely on certifications of data recipients in the United States (US) under the Privacy Shield to justify the transfer of personal data from the EU to the US.

For more information, read WebMaxy’s article on the EU-US Privacy Shield.

General Data Protection Regulation (GDPR)

Does WebMaxy need to comply with the EU-US Privacy Shield Framework?

Since WebMaxy is a company registered in the EU, it does not need to comply with this framework. For more information about this, please visit our EU-US Privacy Shield Framework article.

What is the General Data Protection Regulation (GDPR)?

The GDPR (General Data Protection Regulation) is an important piece of legislation designed to strengthen and unify data protection laws for all individuals within the European Union (EU). The regulation became effective and enforceable on 25 May 2018. The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on the handling of data. We have more information about the GDPR on our GDPR commitment page.

What does the GDPR regulate?

The GDPR regulates the processing of a data subject’s personal data in the European Union, including its collection, storage, and transfer or use. The GDPR gives data subjects more rights and control over their data by regulating how you should handle and store any personal data you collect.

What is personal data?

In the GDPR, personal data is any data related to an individual or identifiable person. Personal data includes names, email addresses, and government-issued identification numbers. Any data, or combination of data, that can be used to identify you is personal data under the GDPR.

Who does the GDPR apply to?

The provisions of the GDPR apply to any entity that processes personal data of individuals in the European Union (EU), including tracking their online activities, regardless of whether the entity has a physical presence in the EU.

We are not based in the EU. Do we still need to comply?

Yes! If you are an entity outside the EU, you should still be aware of the GDPR and comply with it if you process personal data of individuals in the EU.

What is WebMaxy’s commitment to compliance with GDPR?

WebMaxy has undertaken the required business and technological steps to operate in a manner compliant with GDPR. We have our GDPR commitment documented in full.

Does WebMaxy have a Data Protection Officer (DPO)?

Yes – WebMaxy has appointed a DPO to ensure that WebMaxy processes all personal data it collects in compliance with the GDPR. You may contact WebMaxy’s DPO at dpo@webmaxy.com.

What controls has WebMaxy put in place to help its customers use its tools and services in a GDPR compliant manner?

WebMaxy was designed and built with privacy in mind. Our approach keeps end-user privacy at the center of what we do. At WebMaxy we’ve developed a number of compliance controls to help our customers use WebMaxy in a GDPR compliant manner.

As a WebMaxy customer, what do I need to do to use WebMaxy in a GDPR compliant manner?

Depending on your situation and jurisdiction, below are the measures which we can foresee you need to take as a result of using WebMaxy:

Make sure your Terms of Service or Privacy Policy properly communicate to your users how you are using WebMaxy (and any other similar services) on your website or app. This requirement has always been part of WebMaxy’s Terms of Service, but the GDPR can heavily penalize you if you’ve not done this clearly. We recommend you ensure your policies are up to date and clear to your readers. We have a sample version of the wording which you can include in your Privacy Policy. Please note that this is a very generic statement and might need to be tailored to fit your particular use of our services.

If you are in the European Union, you’ll likely want to sign a Data Processing Agreement with WebMaxy. We’re happy to do so. Working with outside counsel in Germany and Malta, we’ve updated this document to be in compliance with the GDPR and other generally acceptable privacy laws. If you have any questions about its contents, simply email legal@webmaxy.com.

Is WebMaxy a Data Processor and/or a Data Controller under the GDPR?

A Data Controller is the entity that determines the purposes, conditions, and means of the processing of personal data. A Data Processor is the entity which processes personal data on behalf of the controller.

In your entity’s relationship with WebMaxy, you are the Data Controller of your end users’ personal data (assuming you are capturing some) and WebMaxy is the Data Processor.

With respect to your entity’s own data, WebMaxy is the Data Controller.

Who are WebMaxy’s Sub-Processors and where are they located?

We have a list of all sub-processors appointed by WebMaxy.

Do you inform your customers if there is a change in WebMaxy’s Sub-Processors?

In case of a change in our sub-processors, we will inform our customers of the new sub-processor and the scope of the planned sub-processing in writing ten (10) days in advance of this change.

California Consumer Privacy Act (CCPA)

What is WebMaxy’s commitment to compliance with the CCPA?

As a privacy-centric company, WebMaxy is excited to see the subject of privacy get more attention. We’ve made a number of enhancements in preparation for the CCPA. Our commitment to CCPA compliance and further information about the efforts undertaken by WebMaxy in this respect can be found on our CCPA commitment page.

How do I use WebMaxy to be compliant with CCPA?

You can check out how our tools can be used in a manner that supports the requirements of CCPA through the following:

WebMaxy has made many product and process enhancements in preparation for the CCPA which we’ve documented through our CCPA commitment page.

As a WebMaxy customer, do I meet the basic requirements of the CCPA?

The CCPA is a large piece of legislation and covers many topics that have no direct impact or tie with your use of WebMaxy. However, there are areas of the CCPA where your customers might have rights that relate to your use of WebMaxy. We’ve included a brief explanation of their rights and how WebMaxy can be used in a manner that supports you in servicing them below.

Other Compliance FAQs

Where does WebMaxy store my data?

You can learn more about this by looking at our Data Storage page.

Does WebMaxy transfer any of my data outside of the European Union?

You can learn more about this by looking at our Data Storage page.

Copyright © 2022 WebMaxy | All rights reserved.