General Data Protection Regulation (GDPR)
Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.
We support the GDPR and will ensure all Salespanel services comply with its provisions. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security, and compliance in the industry.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU.
Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.
We have taken steps to ensure that we are compliant with the GDPR.
What is Salespanel's role under GDPR?
We act as both a data processor and a data controller under the GDPR.
Salespanel as a data processor: When customers use our products and services to process EU personal data, we act as a data processor. For example, we will be a processor of EU personal data and information that gets uploaded into a Salespanel account. This means we will, in addition to complying with our customers' instructions, need to comply with the new legal obligations that apply directly to processors under the GDPR.
Salespanel as a data controller: We act as a data controller for the EU customer information we collect to provide our products and services and to provide timely customer support. This customer information includes things such as customer name and contact information.
What have we done to comply with GDPR?
We have conducted an extensive analysis of our operations to ensure we comply with the new requirements of the GDPR. With the help of external advisors, we have reviewed our products and services, customer terms, privacy notices and arrangements with third parties for compliance with the GDPR.
What personal data do we collect and store from our customers?
We store data that customers have given us voluntarily. For example, in our role as data controller, we may collect and store contact information, such as name, email address or physical address, when customers sign up for our products and services or seek support and help. We also may collect other identifying information from our customers, such as IP address, SSH public keys or OAuth tokens for external services.
We separately act as a data processor when customers use our products and services to process EU personal data. For example, we will be a processor of EU personal data and information when a user visits a customer's website. Customers decide what personal data, if any, is uploaded to our products and services by installing the tracking code and installing our apps.
Do we transfer data internationally?
The GDPR replicates the Data Protection Directive restrictions on transferring data outside the EU and prohibits the export of personal data outside of the EU to non-EU recipients unless the export meets certain criteria. Companies are required to provide “appropriate safeguards” for data that they host and process outside the EU. We assure you that the data stored by Salespanel complies with the EU-U.S. Privacy Shield framework.
Although we are headquartered in India, we use certain services located in the US (for example, payments, web servers or customer support chat). In certain circumstances, we will process personal data that originates from the EU in the United States.
How do we handle delete instructions from customers?
Customers have the ability to remove or delete information they have uploaded to our products. Likewise, customers may deactivate their account by contacting us at firstname.lastname@example.org and request that all personal data we have collected and stored is deleted.
What is Salespanel's Data Processing Agreement ("DPA")?
Customers that handle EU personal data are required to comply with the privacy and security requirements under the GDPR. As part of this, they must ensure that the vendors they use to process the EU personal data also have privacy and security protections in place. Our DPA outlines the privacy and security protections we have in place. We are committed to GDPR compliance and to helping our customers comply with the GDPR when they use our services. We have therefore made our DPA available to all our customers and it can be found here: Data Processing Agreement.
Are customers required to sign the Salespanel DPA?
In order to use our products and services, you need to accept our DPA, which we have provided a link to on our website: Data Processing Agreement. By agreeing to our Terms of Service, you are automatically accepting our DPA and do not need to sign a separate document.
How can a customer view and download content from our services and transfer it to another provider?
If you need to access and download the content from your Salespanel account, you can do so by using the Export feature available on your Salespanel dashboard. Your data will start downloading immediately in CSV format and is portable to another provider.