How Chameleon complies with GDPR

How Chameleon will handle new EU regulations on data privacy and management

Chameleon Team avatar
Written by Chameleon Team
Updated over a week ago

An overview of how Chameleon complies, what we do to help you become compliant and where you can find more information. 

The European Union's General Data Protection Regulation (EU GDPR) is one of the biggest changes in regulating data privacy in recent times and came into effect May 25, 2018.

It requires companies to give control of user data to it's users and options to delete and suppress tracking and storage. It creates safeguards in how data is transferred between EU borders and places these requirements on both data stewards and their vendors.

Chameleon is committed to privacy and security and is fully GDPR compliant as of May 25, 2018. We offer the rights associated with this to ALL our users, wherever you are, and not just to EU citizens. This is in line with our principles of best-in-class privacy and security. 

To learn more, please review the following documents:

This is a complex change and touches many aspects of our business so we ask you to be patient as we manage the changes to ensure compliance. If you have any questions in the meantime, please do not hesitate to ask via the messaging widget below or by emailing us: 

GDPR states that personal data processed for any purpose shall not be kept for longer than is necessary for that purpose. After that time, the personal data must be securely deleted or updated and archived. 

Chameleon will delete all personal data associated with a organization account (including all individual users) after 1 year (365 days) of non-activity. 

GDPR introduces a duty on all organizations to report certain types of personal data breach to the relevant supervisory authority and to individuals, within 72 hours where feasible. 

Chameleon, upon becoming aware of any breach affecting personal data, Chameleon will notify the affected parties and the relevant supervising authority / authorities.

Under the GDPR, organizations must appoint a DPO, to monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority. if:

  • they are a public authority (except for courts acting in their judicial capacity)

  • core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or

  •  core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offenses.

Chameleon does not fall into these categories and is therefore not required to appoint a Data Protection Officer.

VeraSafe has been appointed as Chameleon's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area,

VeraSafe can be contacted in addition to emailing us at,

only on matters related to the processing of personal data.

To make such an inquiry, please contact VeraSafe using this contact form or via telephone at +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd.

Unit 3D North Point House

North Point Business Park

New Mallow Road

Cork T23AT2P


More information

You can find our Privacy Policy here and our Terms of Service for usage here. For more information please email us at

Did this answer your question?