GDPR

Background
On May 25 2018, the European Union (EU) began enforcing the General Data Protection Regulation (GDPR). After Brexit, the United Kingdom adopted the UK GDPR. Together, these regulations harmonize data-protection rules across the EU and UK and give individuals stronger, more consistent rights over their personal information.

Our Commitment
Yin Yang Inc. (“we”, “us”, “our”, ClonePartner) takes data-privacy and security obligations seriously. We continuously review our operations to keep every aspect of the clonepartner.com platform and our associated services—including bespoke data migrations, custom integrations, automated backup and recovery, continuous data sync, and implementation-partner engagements—aligned with GDPR requirements.

1. Controller and Processor Roles

  • Data Controller: For any personal information submitted directly on clonepartner.com (e.g., contact forms, demo requests, job applications), ClonePartner determines the purposes and means of processing.
  • Data Processor: When customers use our Services and supply personal information about their end-users, we process that data strictly on their documented instructions.

2. Risk Assessment

We conduct organization-wide information-discovery exercises to identify:

  • what personal data we hold,
  • where it originates,
  • how and why we process it, and
  • with whom it is shared.
    Findings drive continual improvements to our technical and organizational safeguards.

3. Data-Subject Consent

  • Website visitors must affirmatively consent to our Privacy Policy and Cookie Policy before we collect or process their personal data.
  • Users can exercise GDPR rights—access, rectification, erasure, restriction, objection, and portability—by contacting legal@clonepartner.com.

4. Contracts with Sub-processors

When acting as a Controller, we execute GDPR-compliant data-processing agreements with every sub-processor, ensuring they handle personal data only under our instructions and with robust security controls.
As a Processor, we adopt the safeguards and follow the instructions defined in each customer’s data-processing addendum.

5. International Data Transfers

We rely on:

  • the EU Standard Contractual Clauses (SCCs) and
  • the UK International Data Transfer Addendum (ITDA)
    to provide a lawful basis for any transfer of personal data outside the EU or UK.

6. Data Retention & Erasure

ClonePartner’s internal Data-Protection Compliance Policy embeds the GDPR principles of data minimization and storage limitation. Personal data is retained only as long as necessary for its stated purpose, after which it is securely deleted or anonymised.

7. Article 30 Record-Keeping

We maintain detailed records of all personal-data processing activities—both as Controller and as Processor—in line with Article 30(1) and 30(2) requirements.

8. Breach Response

Robust preventive measures reduce the likelihood of a data breach. Should a breach occur, we will:

  1. Contain and investigate the incident immediately.
  2. Notify affected customers and the relevant supervisory authority without undue delay, following GDPR timelines.
  3. Provide timely updates and remediation actions to all stakeholders.

9. Ongoing Compliance

We review policies, contracts, and security controls regularly, train staff on data-protection best practices, and audit sub-processors to ensure continued adherence to GDPR standards.

Questions?
For any GDPR-related inquiry, reach us at legal@clonepartner.com. ClonePartner remains committed to safeguarding personal data and upholding every right granted under the GDPR.