What Scoro is Doing to Comply with GDPR
After four years of preparations and debate, the European Union’s General Data Protection Regulation (GDPR) was confirmed in April 2016 and will be fully enforced from 26th May of 2018.
This legislation was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations approach data privacy. It has created quite the buzz for the past year, businesses are eagerly preparing, improving their policies and making sure all data processing is compliant with the regulations.
In this article, we will give you an overview of the information we collect, how we process and secure it, and what are your rights as a Scoro User regarding your data.
First, let’s look at some of the main terminologies
What is considered “personal data”? Per the GDPR, personal data is any information relating to an identified or identifiable individual. Meaning, information that could be used, on its own or in conjunction with other data, to identify an individual. Personal data will now include not only data that is commonly considered to be personal in nature (e.g., social security numbers, names, physical addresses, email addresses), but also data such as IP addresses, behavioral data, location data, biometric data, financial information, and much more.
What does it mean to “process” data? Per the GDPR, processing is “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.” Basically – collecting, managing, using or storing any personal data of EU citizens.
Improved clarity and transparency
The Policy does not apply, however, to the data our Users gather about their Clients. You are considered the data controller for their personal data, Scoro will act as a data processor. In other words – you decide if and what information, including personal data, you want to store and process in Scoro.
What information we collect
We collect your personal data in the following ways:
- you provide us with your personal data yourself;
- your personal data is provided to us by the representative of the Client or another User (within your company);
- we receive your personal data from a third party (e.g. when a third party payment service provider confirms whether your payment was successful or not);
- we have collected your personal data by automatic means. Such processing also includes collecting data about leads (trial and demo Clients, marketing leads and their representatives) from public registers.
How we use the information we collect
We mainly process your personal data to serve your needs and making sure you are getting the most out of Scoro’s platform. This includes providing customer support and contacting you regarding our services.
We process the following personal data:
- identification data (name, date of birth, picture);
- contact data (work address, work phone number, work e-mail address);
- employment data (Client’s company, position within the Client’s company);
- communications data (e-mails, messages sent to us);
- data related to the use of the Scoro Platform and the Services.
To whom we disclose information
Data processors. We use carefully selected service providers (data processors) in processing your personal data. In doing so, we remain fully responsible for your personal data.
We use the following categories of data processors: data collection, management and storage providers, email service providers, messaging service providers, pop-up service providers, customer relationship management and feedback service providers, direct marketing service providers, payment service providers, accountants, and legal and other advisors.
Third parties. We only share your personal data with third parties if required under the applicable law (e.g. when we are obligated to share personal data with the authorities) or under your consent.
To the extent required by applicable data protection regulations, you have all the rights of a data subject as regards your personal data. Such rights include the following:
- request access to your personal data;
- obtain a copy of your personal data;
- rectify inaccurate or incomplete personal data;
- erase personal data;
- restrict the processing of personal data;
- portability of personal data;
- object to the processing of personal data which is based on legitimate interest and which is processed for direct marketing purposes.
Data security and retention
Security. We invest in a privacy and security program to protect our customers’ data. It’s the first step to reinforcing customers’ confidence in how we value, treat, and protect their data.
We take appropriate technical and organizational security measures in protecting your personal data, taking into account the state of the art, costs of implementation, nature, scope context and purposes of the processing, and risks posed to you.
The mechanisms, policies, and procedures in use for safeguarding stored data are in compliance with ISO 9001 and ISO 27001 certifications (use of intrusion detection, anti-virus, firewalls, vulnerability scanning, penetration testing, encryption, authentication and authorization protections and policies, including those involving passwords, removal of unnecessary network services, limiting of administrative access, code review, logging, employee training and other relevant safeguards).
It’s also important to mention that Scoro uses HTTPS encryption protocol for every transaction. All passwords are encrypted.
Data retention. We retain your personal data for as long as necessary for the purposes they were collected for, as long as necessary to safeguard our rights, or as long as required by the applicable law.
Protecting the privacy and security of our customers’ information is our top priority
We’ll continue to notify you as we evolve our procedures and policies to make your business and personal information even safer and well-cared for.
In case you have any questions regarding the processing of your personal data, or you would like to exercise your data privacy rights, please contact us via email@example.com.