Overview
Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.
We support the GDPR and will ensure all Salespanel services comply with its provisions. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security, and compliance in the industry.
Salespanel's GDPR compliance
Salespanel, as a lead tracking service, acts as both a data processor and a data controller under the GDPR.
Salespanel as a data processor:
When customers use our products and services to process EU personal data, we act as a data processor. For example, we will be a processor of EU personal data and information that gets uploaded into a Salespanel account. This means we will, in addition to complying with our customer's instructions, need to comply with the new legal obligations that apply directly to processors under the GDPR. However, it is the responsibility of Salespanel's customer to obtain valid, lawful consent from their visitors in order to process their personal data.
Salespanel as a data controller:
We act as a data controller for the EU customer information we collect to provide our products and services and to provide timely customer support. This customer information includes things such as customer name and contact information.
As part of our compliance with GDPR legislation, we've updated our Privacy Policy to make it more understandable, relevant, and transparent, to reflect all the recent changes to data protection laws, and to provide additional clarity regarding how we collect, store and process your information.
Important documents
Data Processing Agreement (DPA)
GDPR related common concerns
What should I do in order to be compliant with Salespanel's data protection policies?
In order to use our products and services, you need to accept our DPA, which we have provided a link to on our website: Data Processing Agreement. By agreeing to our Terms of Service, you are automatically accepting our DPA and do not need to sign a separate document.
We have provided a guideline on how to establish a lawful relation with Salespanel while using Salespanel services to serve your customers. Please go through: GDPR Compliance checklist for Salespanel customers
What we have provided is an outline for being GDPR compliant with Salespanel; however, it's your responsibility to obtain valid consent and abide by the local laws about data protection and security.
How does Salespanel collect personal data?
We suggest you read the sections "The information we collect" and "How we use the information we collect" of our Privacy Policy for more details.
Low-level details
Salespanel provides a tracking code to be installed on the customer website. The customer can control on which web pages this tracking code is executed.
The customer's website asks for the user's explicit consent before executing the tracking code. See: GDPR Compliance checklist for Salespanel customers.
After installation, when a visitor visits the customer's website, the tracking code sends information about the web visit to our servers in a secure manner.
We DO NOT STORE any personally identifiable data at this step except the IP address of the anonymous visitor in order to look at the reverse DNS details of the visitor.
A random user id is installed in the visitor's browser as a cookie to uniquely identify the browser session.
The cookie installed by Salespanel is NOT a third party cookie, so you can handle the consent for it just like you handle all your other cookies. You should add the Salespanel cookie track_uid to your cookie policy.
Up to this point, the visitor record remains anonymous, meaning it is not affected by GDPR regulations.
If the user fills in an email address in any web form that has an email address field, ONLY the email address is sent to Salespanel servers, and the end user is now an identified person.
Please note that the customer is in full control of which web pages have their web forms tracked. We don't track and can't track any web form in an iframe element, such as payment processing forms provided by third party payment processors OR web forms provided by third party applications.
From this point onwards, Salespanel acts as a data processor and tracks web visits of the identified visitor to provide lead tracking services to its customers.
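The consent step described above can be enforced on the customer's side with a gate like the following. This is an added example, not Salespanel's code: the script URL, the consent-record shape and the `lead_tracking` purpose name are hypothetical placeholders, and only the cookie name `track_uid` comes from this page.

```javascript
// Added example: consent gate for a first-party tracking snippet.
// TRACKER_SRC and the consent-record fields are hypothetical placeholders.
const TRACKER_SRC = "https://tracker.example.invalid/snippet.js";
const TRACKING_COOKIE = "track_uid"; // cookie name taken from this page

// Parse a document.cookie string ("a=1; b=2") into a plain object.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue; // skip empty or malformed fragments
    out[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return out;
}

// Consent counts only if it was explicitly granted for the tracking
// purpose and has not been withdrawn. Missing or malformed records mean "no".
function hasTrackingConsent(record) {
  return Boolean(record) &&
    record.granted === true &&
    Array.isArray(record.purposes) &&
    record.purposes.includes("lead_tracking") &&
    !record.withdrawnAt;
}

// Apply the decision. `doc` is the browser document (or a stub in tests).
function applyConsent(doc, record) {
  if (hasTrackingConsent(record)) {
    const script = doc.createElement("script");
    script.src = TRACKER_SRC;
    script.async = true;
    doc.head.appendChild(script);
    return "loaded";
  }
  // No consent: never inject the script, and expire an identifier
  // cookie left over from an earlier, consented session.
  // Path=/ is an assumption; it must match how the cookie was set.
  if (TRACKING_COOKIE in parseCookies(doc.cookie)) {
    doc.cookie = TRACKING_COOKIE + "=; Max-Age=0; Path=/; SameSite=Lax";
    return "cookie-cleared";
  }
  return "blocked";
}
```

Call `applyConsent(document, record)` on every page load and again whenever the visitor changes their choice, so that a withdrawal takes effect on the next request.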
What data does Salespanel collect?
From our customers
Username, first name, last name, email address, business name, business address, business website URL. If you are connecting Salespanel with other applications we store OAuth tokens to connect with other GDPR compliant applications.
From anonymous visitors on our customer's website
IP Address of the visitor
From identified visitors on our customer's website
The email address from a form input field in the same web domain of the customer's website and which is not an iframe element.
From all visitors on our customer's website
(a) Visited web URL including query parameters.
(b) Referring URL of the web visit.
(c) Browser's User Agent details.
(d) Device details including OS version.
(e) Visiting country and city location name.
How does Salespanel use the personal data collected?
To provide our lead tracking services to our customers:
- Using our GDPR compliant data subprocessors to provide publicly available information about the person, such as social media profiles and business websites.
- Lead generation: To identify visiting companies by using publicly available reverse DNS information associated with the IP address of the visitor.
- Lead tracking: To provide you with details about a lead's web visits for sales and marketing purposes.
We communicate with you for Service-related purposes, including promotional emails, messages, and notifications. You can control how you receive messages from us. We may also send you occasional newsletters to inform you about our products, services and offer you useful information. You can opt-out of these at any time.
For Payment and billing
We will collect payment and billing data from customers who use our paid plans to fulfill payments for the services.
For analytics and improving services
We analyze information about your activities to improve our services and develop new functionalities.
Does GDPR require that EU personal data be stored in the EU?
No, it does not. Neither current EU law nor the GDPR requires that EU personal data be stored in the EU. Instead, companies are required to provide “appropriate safeguards” for data that they host and process outside the EU. The data stored by Salespanel complies with the EU-U.S. Privacy Shield framework.
Where does Salespanel store data?
Our data is stored on Amazon Web Services (AWS) and Digital Ocean servers that are located in the United States.
How long is the data stored?
One year. We don't store data for a visitor for more than a year. However, this is subject to the lawful data processing requirements of the GDPR compliant customer. We don't process any data from our customers other than to serve our service contract. Abandoned accounts are removed periodically with account downgrade notices.
Do you have any Subprocessors?
Yes. FullContact, Amazon Web Services, Hunter (for Prospect data only) and Digital Ocean. They are all GDPR compliant.
As a user, can I have Salespanel remove my data?
Yes, you can delete your visitors' details from your Salespanel account by using the "Delete Contact" feature. Once you delete a contact, no data related to that visitor on your website is left behind. It is removed from all our servers immediately.
Where can I delete my Salespanel account?
You can ask our support team to delete your account. Your request will be verified first and processed within a few business days. When we delete your account, all information related to your account, including your details and your contact details, is removed from our servers and is irrecoverable.