The full version of our GDPR Commitment is available on our website.


What is GDPR?

The General Data Protection Regulation (GDPR) is a new European privacy law due to become enforceable on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.

What does the GDPR regulate?

The GDPR regulates the data processing for all EU individuals including collection, transfer, use, and storage. All organization that processes personal data of EU individuals is within the scope of the law. Moreover, it is not essential whether the organization has physical offices in the EU or not. Importantly, under the GDPR, the concept of “personal data” covers any information relating to an identified or identifiable individual (“data subject”).

Who does the GDPR apply to?

The GDPR applies to all organizations established in the EU and to organizations, whether or not established in the EU, that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behavior that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person. 

What are the Model Clauses?

The Standard Contractual Clauses (also known as "model clauses") are a set of standard provisions defined and approved by the European Commission that can be used to enable personal data to be transferred in a compliant way by a data controller to a data processor outside the European Economic Area (EEA).

Is WebSpellChecker GDPR-compliant?

Yes, WebSpellChecker is GDPR-compliant. For more details, see our GDPR services readiness and commitment announcement on the WebSpellChecker's GDPR Commitment page.

What has WebSpellChecker been doing in preparation for the GDPR?

We believe that the GDPR is a significant step forward in data privacy and support the GDPR’s emphasis on strong data privacy protections and security principles. We are committed to ensuring that we are GDPR-compliant when the law becomes enforceable on May 25, 2018 and is dedicated to helping our customers become GDPR compliant.

Here are some steps that we have already performed towards being GDPR-ready:

  • We're offering our customers a GDPR-compliant Data Processing Addendum (DPA) to the Terms of Service, as well as Standard Contractual Clauses governing the processing of EU personal data.
  • We have updated our Privacy Policy that goes into effect on May 25, 2018. It provides transparency with respect to our data collection and handling practices.
  • We’ve added a new Cookies Policy to make it easier to review alongside our use of cookies and other technologies.
  • We’ve implemented a number of technical and organizational safeguards designed to protect the security and integrity of your data.
  • We’ve appointed a Data Protection Officer (DPO) to oversee our privacy and data protection compliance. Get in touch directly at
  • Personal data of our customers and their authorized users of WebSpellChecker’s proofreading services is processed in order to provide such services pursuant to the Terms of Service and in accordance with the Privacy Policy and DPA. We obtain consent before collecting personal data for any other reason and gives data subjects the opportunity to withdraw consent at any time.
  • We’re working with all relevant 3rd party vendors and subprocessors to make sure they’re GDPR-ready and that we have signed DPAs. You may find the full list of our subprocessors as well as purposes of subprocessing and subprocessors locations on the WebSpellChecker Subprocessors page.
  • We ensure our staff that access and process your personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
  • For every new product and enhancement, we will be proactively applying the data protection by design principles.

Does WebSpellChecker offer a Data Processing Addendum (DPA)?

Yes. We offer our customers a GDPR-compliant Data Processing Addendum (DPA) to the Terms of Service, as well as Standard Contractual Clauses governing the processing of EU personal data. Our DPA outlines the privacy and security protections we have in place. We are committed to GDPR compliance and to helping our customers comply with the GDPR when they use our services.

If the GDPR applies to your company and you don’t already have a DPA in place with us, please go to the DPA page download the DPA. Follow the instructions provided to sign and return it to us.

Does the WebSpellChecker Data Processing Addendum (DPA) contain the Model Clauses?

Yes, our DPA contains the Model Clauses. It gives us a legal basis for personal data to be transferred in a compliant outside the European Economic Area (EEA).

Can I make changes to the WebSpellChecker DPA?

The WebSpellChecker DPA is an extension of our Terms of Service and reflects our compliance with GDPR requirements (including those specifically set forth under Article 28) as applicable to our Services. Just as with our Terms of Service, we're unable to make any changes to our DPA on a customer-by-customer basis.

Am I required to sign the WebSpellChecker DPA?

In order to use our products and services, you need to accept our DPA. By agreeing to our Terms of Service, you are automatically accepting our DPA and do not need to sign a separate document.

Whom I should contact if I have questions regarding WSC and GDPR?

If you have any questions about security, reliability, privacy, and GDPR please reach us at

Does WebSpellChecker have a notification process in place in the event of a data breach?

We will inform you promptly in the event we learn of any unauthorized access, disclosure, or destruction of your customer data per the terms of your agreement with us.

Has WebSpellChecker appointed a Data Protection Officer?

Yes. We’ve appointed a Data Protection Officer (DPO) to oversee our privacy and data protection compliance. Get in touch directly at

Does WebSpellChecker use subprocessors to further process customer data?

WebSpellChecker uses 3rd party subprocessors to provide infrastructure services and to help us provide customer support and email notifications. You may find the full list of 3rd party subprocessors engaged by us on the WebSpellChecker Subprocessors page. 

What is WebSpellChecker’s role under GDPR?

We act as both a data processor and a data controller under the GDPR.

  • WebSpellChecker as a data processor. When customers use our products and services to process EU personal data, we act as a data processor. For example, we will be a processor of EU personal data and information that are sent for proofreading via our services. This means we will, in addition to complying with our customers' instructions, need to comply with the new legal obligations that apply directly to processors under the GDPR.
  • WebSpellChecker as a data controller. We act as a data controller for the EU personal data we collect to provide our products and services and to provide timely customer support. This customer information includes things such as customer name and contact information.

Where does WebSpellChecker store and process my data?

WebSpellChecker stores and processes data in its AWS data centers located in the U.S.

As WebSpellChecker performs processing inside the United States (as we are using AWS data centers located in the United States), use of our service may involve exporting your Personal Data outside of the European Economic Area (EEA). In such a case, you should consider using our new Data Processing Agreement (DPA). This agreement contractually gives your personal data the same protections as if the data was being processed inside of the EEA and complies with the GDPR personal data export requirements.

What's changing with our new Privacy Policy?

We have released an update to our Privacy Policy which comes into effect starting on May 25th, 2018. Our Privacy Policy updates will give you more clarity and control over how we collect and use your personal data when delivering our products and services.