GDPR Commitment


Committed to partnering to assist you

in meeting GDPR requirements.

Tourmo - GDPR


GDPR Commitment

Tourmo (DBA) Tourmaline Labs data operates on a shared responsibility model with our customers and we are committed to partnering to assist you in meeting GDPR requirements.


Tourmo (DBA) Tourmaline Labs, Inc. has been preparing for the European Union’s (EU) General Data Protection Regulation (GDPR) since early 2018. Tourmo (DBA), Tourmaline Labs, Inc. enhanced processes and procedures to ensure we met both our Data Controller and Data Processor obligations. Looking forward, Tourmo (DBA), Tourmaline Labs Data is continuing to monitor changes in the Privacy landscape and specifically has started the process of assessing expectations of California Consumer Privacy Act, which will go into effect in 2020. 

With respect to GDPR, Tourmo (DBA) Tourmaline Labs Data is fully compliant (with the rules implemented effective May 25, 2018, set by the European Council). In support of GDPR compliance, Tourmo (DBA), Tourmaline Labs Data enhanced our website for increased transparency related to our:

  • Privacy Policy
  • Opt-In Practices
  • Legal Terms and Conditions
  • Cookie Policy
  • Data Subject Request




Tourmo (DBA) Tourmaline Labs Data’s security team had determined that our current security controls and certifications including SOC 2 Type II, and Privacy Shield compliance, allow us to adhere to the GDPR’s requirements. This analysis also includes supporting our customers in meeting their GDPR obligations in working with our partners in the United States and European Union.

In alignment with Tourmo (DBA), Tourmaline Labs Data’s practices, we firmly believe in transparency and wanted to provide additional insight into what we are doing to meet ongoing GDPR obligations.




GDPR requires clear, easily readable privacy policies that explicitly state which data is being collected, used, stored and shared. Tourmo (DBA) Tourmaline Labs took the opportunity to refresh our privacy policy in conjunction with our legal counsel to ensure it is incorporating new areas of the policy, but also to make sure that it continues to be easily readable. Another step for Tourmo (DBA) Tourmaline Labs Data was to enhance how we allow customers to opt-in  to our services.  We also recommend you take the time to gather and store your customer’s consent for your services or utilization of our platform (Software & Services, API & SDK).




Tourmo (DBA), Tourmaline Labs Data only stores data that is necessary for the service to be operational for the duration it is required. As a customer, depending on how you set up Tourmo (DBA) Tourmaline Labs Data, you will control which data is processed by our service. As such, you should follow your internal practices to ensure the security and privacy of your customers’ data and avoid introducing any unnecessary in-scope GDPR information with Tourmo (DBA) Tourmaline Labs Data. We recommend following the “Goldilocks rule” of using what is “just right” and following the practice of minimization.


Right To Be Forgotten


For any of Tourmo (DBA) Tourmaline Labs Data’s customers who receive requests from their customers, where Tourmo (DBA) Tourmaline Labs Data is acts as a Data Processor (Sub processor), if you remove the data from your origin database there is no heavy lifting as the requested customer’s information should be removed automatically.  If you would like further details on how this works please reach out to your Customer Success Manager, Account Executive, or through Tourmo (DBA) Tourmaline Labs Data chat.

For Tourmo (DBA) Tourmaline Labs Data’s direct customers, where Tourmo (DBA) Tourmaline Labs Data is the Data Controller, we have an established process to request and process the removal of your information in the case you would like to be forgotten from our various processes and systems.  Please use our Contact Us page and let us know how we can help protect and respect your privacy.

Tourmo (DBA), Tourmaline Labs, Inc. maintains a log of deletion requests and requests status. Once a user is deleted from our system all associated information is permanently removed and will not be recoverable. 




Tourmo (DBA) Tourmaline Labs Data has implemented many controls to ensure confidentiality, integrity, and availability of data: 

  • Tourmo (DBA) Tourmaline Labs Data has strong data protection controls, which include encryption in transit and at rest of customer data to safeguard customer data from unintended access or misuse.
  • Tourmo (DBA) Tourmaline Labs Data employs a continuous security testing strategy to aid in the proactive identification of software vulnerabilities.
  • Tourmo (DBA) Tourmaline Labs Data maintains incident response and customer notification processes. These procedures are tested on an appropriate cadence.
  • Tourmo (DBA) Tourmaline Labs Data is distributed across multiple AWS availability zones (AZs). This posture allows for a self-healing infrastructure with redundant servers for critical services present in each AZ.
  • Tourmo (DBA) Tourmaline Labs Data has reviewed all key sub processors, i.e. Amazon Web Services (AWS), the security controls related to the physical and logical controls have been tested in AWS SOC audit report, ISO 27001 certification and FedRAMP ATO. 
Product Scroller v2