GDPR Overview

Control over personal data is a fundamental right of every individual. With organizations across the world collecting customer data to enable them to provide services, it becomes important that companies manage data in a transparent manner with the customer’s consent.

GDPR, stands for “General Data Protection Regulation”. It is one of the most important changes made to data privacy regulations in the last two decades. It establishes a new framework for handling and protecting the personal data of EU-based residents and is in effect since January 1st, 2019. It provides the citizens of the EU greater control over their personal data and assures them that their information is protected.

Does GDPR affect you?

Although GDPR is a data protection framework for the citizens residing in the EU, it also applies to all companies that handle personal data of individuals from the EU. This means that almost every major corporation in the world will need to be ready when GDPR comes into effect. If you or your organization stores and processes personal data in connection to services or goods offered in EU, then the laws applies to you as well. Also, in the the event of infringement of these laws, you can face fines and penalties from 10 million to 20 million dollars or 2% to 4% of the annual revenue of the organization depending upon whichever is higher.

Our commitment to GDPR

Personal Information

We are fully GDPR compliant since the 1st of January 2019. Over the past few months, multiple internal teams have been working towards making sure that we are aligned to the GDPR framework. Also, we’ve built product features for greater privacy and data control. You can learn about our organization wide efforts for GDPR here

As an organization, SracomConnect has always implemented and practiced processes which ensure that customer data is stored and processed in ways necessary only to serve our customers in the best possible way. Our privacy, security and data storage policies are also streamlined with the GDPR goals and objectives. Know more about the privacy and security policies here

GDPR Readiness Initiatives at SracomConnect

SracomConnect is committed towards upholding the underlying principles of GDPR and here are some of the initiatives we’ve undertaken

Accountability

At SracomConnect, there exists an established Privacy Policy created with support from our leadership. Our leaders commit to support and provide guidelines for data protection compliance through a framework of standard policies and procedures.

Payment Information

In case of services requiring payment, we request credit card or other payment account information, which will be used solely for processing payments. Your financial information will not be stored by us except for the name and address of the card holder, the expiry date and the last four digits of the Credit Card number. Subject to your prior consent and where necessary for processing future payments, your financial information will be stored in encrypted form on secure servers of our reputed Payment Gateway Service Provider who is beholden to treating your Personal Information in accordance with this Privacy Policy Statement.

Customer’s Personal Data with SracomConnect

The GDPR requires organizations to provide more information about the way individuals’ information is used. SracomConnect delivers on our customer’s privacy policy objective by enabling comprehensive data flow and process maps for the customer’s data which is updated and is in line with the GDPR guidelines. We incorporated a Data Processing Addendum (DPA) into our Terms of Service so customers who subscribe to SracomConnect have their data protected by GDPR. Know more about the Data Processing Addendum here.

Privacy by Design and Default

Programs, projects, and processes at SracomConnect are aligned to Privacy Principles right from the inception of an idea or project, thereby supporting Privacy by Design and Default principles.

Individual Rights, Subject Access, and Communication

The GDPR program thoroughly evaluates how SracomConnect, both as a data controller and processor, is placed with its existing procedures for readiness to

  • Provide rights of individuals under GDPR
  • Assist customers in responding to data access requests from individuals.

Features built for GDPR readiness

Right to be Forgotten

SracomConnect lets you delete employee/manager data permanently. You can delete the employee/manager’s profile and all the data associated with it like tickets raised by them, team huddle discussions, phone conversations, chats, satisfaction ratings provided, topics created and discussions in forums.

A delete or an export request from a customer would have to be routed via the admin who validates if the requestor is genuine.

End-User Profile Deletion

SracomConnect currently supports the deletion of end-user profile information with an option of soft delete as well as permanent delete which will erase all associated data like tickets, forums, calls and so on. Know more about how to delete end-user profile here

Employee Profile Deletion

We currently support the deletion of Agent profile information with soft delete and permanent delete options where all their contributions like knowledge base articles, tickets and team huddle discussions are anonymized and all PII (Personally Identifiable Information) is deleted forever.