The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated requirements for any business that handles, processes, or stores credit cards – regardless of the business’s size or location. The PCI Security Standards Council was founded by 5 of the major card brands, and they each share equal responsibilities in the council’s work.
WebMaxy is PCI DSS compliant which means that our security policies, and procedures meet the requisite standard.
WebMaxy does not store any credit card information but uses Braintree as our payment data processors. Braintree is a validated Level 1 PCI DSS compliant service provider. For more details, please head to Braintree’s page
We also perform an annual PCI DSS assessment. Here is our most recent certificate.
Suppression Controls – COMPLETE
Visitor Lookup – COMPLETE
Feedback Consent Controls – COMPLETE
- Implement the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR – COMPLETE
- Finalize and communicate our full compliance – COMPLETE
WebMaxy has also engaged with numerous outside attorneys on our approach. We felt this was and will be very important because the legislation is so far-reaching.
What changes did WebMaxy make to prepare for the GDPR? #
We took many steps across the entire company to ensure our compliance with the GDPR. We improved anonymity within our analytics tools and made changes to allow you to tailor how you request consent within our feedback tools. WebMaxy, for example, automatically suppresses all user keystrokes by default.
We also worked on interfaces that allow you to address requests from your customers related to their rights for accessing any personal data that might be stored in your WebMaxy account.
These changes addressed the requirements of the GDPR and mean WebMaxy and our products are GDPR ready
What do we ask WebMaxy Customers to do? #
There are two things that future customers might need to do depending on your situation and jurisdiction. Below are the only impactful changes that we can foresee that might affect you as a result of using WebMaxy:
- If you are in the European Union you’ll likely want to sign a Data Processing Agreement with WebMaxy. We’re happy to do so. Working with outside counsels in Germany and Malta we’ve updated this document to be in compliance with the GDPR and other generally acceptable privacy laws.
- You can review and digitally sign a copy of the Data Processing Agreement here. We will countersign it and provide you with a fully executed downloadable copy via email within 2 business days. If you have any questions about its contents simply email
What is GDPR and why is it important? #
The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the 1995 Data Protection Directive.
The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.
The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.
In summary, here are some of the key changes that came into effect with GDPR:
- Expanded rights for individuals: The GDPR provides expanded rights for individuals in the European Union by granting them, amongst other things, the right to be forgotten and the right to request a copy of any personal data stored in their regard.
- Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
- Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
- New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
- Increased Enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. Also, the GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU.
If you have any questions, please don’t hesitate to contact us at email@example.com.