The EU General Data Protection Regulation (GDPR) will set a new standard for how companies use and protect EU citizens’ data. It will take effect from May 2018.
At Salesmate, we are committed to security and privacy of our customers, we’ve been working hard to prepare for GDPR, to ensure that we fulfill all obligations to maintain data integrity and provide transparency about how we use data.
Here’s an overview of GDPR, and how we are preparing for it:
The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that comes into effect on May 25, 2018. The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
Does it affect me?
If you hold or process the data of any person in the EU, then GDPR will apply to you, whether you are based in the EU or not.
Our commitments as a data controller and processor
The GDPR has different requirements based on nature of your business and identifiable data you process of any individual.
Data controllers are the companies who offer supply goods to EU residents, provide services to them or decide about how to capture, monitor and process data of EU residents. As one of our customer, you are likely a data controller under GDPR. And you are supposed to work with data processors who are also GDPR compliant.
Data processors are vendors or business that process data on behalf of you (data controller). Salesmate will be considered as a data processor over here.
We will be ready for the GDPR as both a data controller and when acting as a data processor on your behalf.
Update Data Processing Agreement: We are upgrading our Data Processing agreement ( DPA ) to permit you to lawfully transfer EU personal data to Salesmate and allow Salesmate to continue to receive and process data lawfully.
Secure data transfer and storage outside the EU: Salesmate agrees to protect any data originating from EEA ( European Economic Area ) in line with European data protection standards. The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
To comply with EU data protection laws around international data transfer, we have applied for self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield framework.
Security measures: Salesmate secures your data in transit and at rest. It has restricted and secure access to continuous incident monitoring.
Processing according to controller instructions: As has always been the case, we only process personal data according to instructions from the controller (our customers).
Prompt breach notifications: In line with our current policies, Salesmate will promptly inform you of any incidents involving your users’ personal data.
We have also prepared ourselves to address any requests made by our customers to govern their rights under the GDPR:
Right to be forgotten: You may terminate your Salesmate account at any time, in which case we will permanently delete your account and all data associated with it.
Right to object: You can request us to opt-out from marketing emails or stop tracking information used for support or product improvements.
Right to rectification: You can access and update your Salesmate account settings at any time. You can correct or complete your account information. You may also contact Salesmate at any time to access, correct, amend or delete information that we hold about you.
Right of portability: You can export your account data any time using our API and export features.
How will Salesmate assist you to be GDPR complaint?
Right to be forgotten: You can delete any individual contact on their request. Salesmate will not track any further information about that contact. Please note activities and deals related to a particular contact can have multiple people involved inside, so those records are not auto-deleted, but you can still search for all records and do a bulk delete.
Right to object: Your contacts can request you to stop any tracking for them, and Salesmate will honor that request and will prevent any further tracking.
Right to rectification: Salesmate allows users to edit contact’s data based on their access rights. So any contact can request to you and get their data updated.
Right to access and portability: Under the GDPR, EU residents have a right to access their personal data and are entitled to obtain their personal data in a commonly used format, such as a CSV file. Salesmate’s export contact data feature help you to build a complete picture of contact data which you have stored inside Salesmate and that can be shared with them in the structured format.
If you have any questions or suggestions about GDPR, then please let us know.