The GDPR is here.
The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which came into effective May 25, 2018.
Simply put, EU residents will now have a greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organisation that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data.
Data Collection
At Adaptsys, we believe that GDPR is a force for good and have always honoured our users' right to data privacy and collection. We never rely on advertising via email as a revenue stream. We only use email for direct business operational communications with existing customers or as a response to potential customers and for providing product support. From time to time, we may use email to notify customers of up coming events, provide a newsletter or inform about relevant operational changes. We have never served ads to our users, which means that we have no necessity to collect and process users' personal information beyond what is required for the operation of our business relationship with our customers.
The same as it has always been since we came into business – long before GDPR.
Our GDPR Readiness
Everything starts with setting a clear strategy and rules on how to process Personal Data. Here is how we have prepared for the GDPR.
Data Security
Our Support Centre application has security built into every layer of the product. In particular, we have demonstrated our commitment to data privacy and protection using a platform which meets the industry standards for ISO 27001, and SOC 2 Type 2. We believe it offers customers the highest forms of independent assurance available concerning security compliance. This also includes compliance with the EU-U.S. Privacy Shield Framework with respect to the transfer of data to the US. We recognise that the GDPR will help us move towards the highest standards of operations in protecting customer data.
Data Hosting (Locality)
Our Support Center data servers are located in the most secure types of data centres in US, EU.
Data Encryption
All data transmissions during backup and in flight are encrypted using Transport Layer Security (TLS) 1.2 protocols. We also use the latest and secure ciphers like AES_CBC/AES_GCM 256 bit/128 bit keys for encryption. These ensure that our data is protected from unauthorised access, disclosure or modification.
Sensitive data like passwords, AuthTokens, etc., are encrypted and we also make use of SSL certification too.
Data Access
Adaptsys provides our users with options to access all the data collected via our Support Centre.
The table below lists the different types of information and how users could access them:
Information Type
| Description
|
End User Profile
| End Users can view personal information like name, email address, tickets, etc., via the Profile link, found by clicking on their avatar.
|
Comments and Attachments
| End Users can view their ticket's, comments and attachments via the My Area menu link in Support Centre.
|
Data Rectification
Customers can edit all of their personal information except the email address. We don't allow you to edit email address since it is the unique identifier of the primary contact. However, we can assist you in replacing the email address associated with your Support Centre account. You can email us to request a replacement.
Data Deletion
We have appropriate methods in place to erase service data from within our interface. You can request us to delete your user account at any time, but if any tickets are associated with your account, we would need to port them to another user account within your company to maintain our service records.
Data Portability
Adaptsys does have the ability to carry out a global export of all service data held across all accounts, which is to be only used in the event of migrating to a new service platform.
Data Retention
Any deleted data is held for up to 60 days, moved to our "Recycle Bin". After that time, data will be deleted from the Recycle Bin and the database.
Data Disclosure
Data disclosure defines the level of access so that only authorised users can create, access, edit, or delete service data. Our Support Centre uses Profiles to assign permissions for different set of user types, to restrict unauthorised access.
Data Audit
Data audits help us ensure our platform is secure and monitor for unexpected changes or usage trends. We employ audit logs as part of our GDPR compliance, which allows us to inspect information about every create, edit and delete made to our database records, in a comprehensible and user-friendly format.
FAQs
1. What is Service Data?
Any information (includes personal data) used, stored or transmitted via our Support Centre is referred to as Service Data.
2. Who is the owner and controller of the data stored?
Adaptsys is the controller and the owner of data throughout the time our platform is operational. Our platform provides us with the tools necessary to exercise our right to be in control of our data.
Our platform provide, is a processor that carries out all processing operations based on the Controller's (Adaptsys) instructions.