To learn more about Chameleon's commitment to complying with GDPR please read this overview article. 

Under the GDPR, Chameleon is considered a Data Controller (for the data collected about you, our customer) and a Data Processor (for the data collected about our customers' users). 

The article below describes our obligations to our customers as a Data Controller. To learn how we help our customers become GDPR compliant, and fulfill our responsibilities as a Data Processor, please read this.

The GDPR provides users with fundamental rights relating to controlling their personal data.

Personal data is defined as any information relating to a person who can be directly or indirectly identified in particular by reference to that information. This can include name, email or other identifiers. 

Chameleon upholds these rights for all our customers and you can learn more about these and how to exercise them below. 

Individuals need to be informed about the collection and use of their personal data in a clear and transparent way. 

Read about how what data Chameleon collects and why here, and which vendors Chameleon sends data to here.

Individuals can request a copy of their personal data so they can be aware of / validate its lawful processing.

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. 

Individuals can request the deletion of their personal data if it is no longer necessary (for the original purpose) or they no longer consent. 

Individuals can request a restriction on usage of their personal data (not erasure) if they believe it to be inaccurate or unlawfully processed.

Individuals are entitled to obtain their personal data (in a commonly used format) to reuse for their own purposes across different services.

Individuals can object to their data being processed for direct marketing or research. 

You can unsubscribe from our blog updates here. To unsubscribe from all our product update emails, please email us from your Chameleon-registered email address. 

Companies can only leverage automated decision-making (without involvement of individuals) that create legal or similarly significant effects upon individuals in very limited and specific circumstances.

Chameleon does not make any automated-decisions based on personal data that cause significant effects to individuals.
​ 

To make any data request related to the rights above (e.g. to request a copy, or to object, update or erasure etc.) please please email us at security@trychameleon.com from the email address associated with your Chameleon account. 

We will respond within 30 days, the required legal time window within GDPR, but hopefully sooner.