Back to Support

The legalities of using data

Published 30 Sep 2020 by Ellice Eadie, CANDDi
Read this in about 2 minutes

Since GDPR came into effect in 2018, we’ve more questions about it than I’ve had roast dinners! Is CANDDi GDPR compliant? Is tracking software legal? Yeah, but is it ethical? The answer to all of these questions is of course, YES. CANDDi is totally GDPR compliant and everything we do is absolutely legal, phew.


An important part of GDPR legislation is how the roles of the ’data controller’ and ‘data processor’ are defined.

A controller is – ‘the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.’. The controller, in this case, would be the client.

A processor is – ‘the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller’.

From a CANDDi perspective, we’re a data processor as no personal data is shared, or synced between client accounts. Any data processed is the property of the Client and remains as such throughout the CANDDi journey.

It is the Controllers’ responsibility to assure data processing is compliant with the law, but Processors should provide sufficient guarantee they will meet the requirements and protect data subject rights.

How do I ensure I comply?

The GDPR legislation sets out rules for dealing with data, primarily regarding transparency, protection, collection and disposal.

You need to be clear to visitors about the data you’re collecting and for what purposes, and you need to dispose of this data according to the legislation.

The ICO has an excellent, in-depth guide to GDPR here.

Does CANDDi comply?

When it comes to CANDDi’s policies, we won’t bore you with the long legal details. The short version is this:

  • We don’t own/ share/ sell your data to anyone
  • We’re really on the ball with data protection laws and security
  • We store any data we’re processing within the EU on secure servers.

Of course this is just a summary of the most important parts and doesn’t replace the privacy page. But you can rest assured that CANDDi does not share and will never share any personal identifiable data between our customers. Ensuring both you and us remain on the right side of GDPR compliance. Anddd relax!

If you want to know more, you can read our privacy policy here.