What has ServiceTonic done to comply with GDPR?

New European Regulation on Data Protection (GDPR/RGPD)

At ServiceTonic we always respect your privacy and the privacy of the data that our customers can store in our solutions.

On this page you will find general information about the new General Data Protection Regulation and how ServiceTonic has adapted to it. This information is useful both for our customers and for companies that are evaluating our solution and wish to use it in accordance with the new regulation.

What is the new European Regulation?

It is Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons (RGPD, or GDPR by its English abbreviation). GDPR is mandatory as of May 25, 2018.


Primary updates

  • Extends the rights of European citizens
  • Establishes new obligations for companies
  • Introduces the principle of Proactive Liability


Who is affected?

The European Regulation affects all companies, bodies or public authorities that process personal data of European citizens.

Does it apply outside the European Union?

Yes, the RGPD extends its territorial application to organizations established outside the EU that deal with data from European citizens to offer them goods and services.


What is personal data?

Any information related to identified or identifiable individuals.

For example: name, address, geolocation, health information, biometric data


Is all data the same?

The RGPD distinguishes between basic data and special category data at high risk.

The data of special categories are sensitive data about the most intimate sphere of people. For example: health, ideology, religion, etc.


How does it affect people?

Citizens will have new rights and greater control and information about the processing of their personal data.


Right to information

The RGPD expands the information that must be provided to the interested parties.

Specifically, it must be provided in a concise, intelligible and easily accessible form, in clear and simple language.


New rights

Rights that improve the control of people over their personal data are incorporated. The person in charge must facilitate the exercise of these rights to the holders of the data.

The rights include: Access, Rectification, Opposition, Limitation of handling, Suppression (Right to be forgotten), Portability


How does it affect companies?

New obligations based on Proactive Liability are established. This principle is based on prevention and requires that appropriate technical and organizational measures be applied to guarantee and demonstrate compliance with GDPR.



Consent must be express: it must be obtained in a free, specific, informed and unambiguous form, through positive action.


Responsible Individual – Manager

The Responsible is the one who determines the purposes, means and conditions of the processing of personal data.

The Manager carries out the processing of data in the name and on behalf of the Responsible.

The contracts that bind the Responsible and Managers of handling must be updated according to the requirements of the new Regulation.


Security measures

GDPR requires measures that guarantee a level of security adequate to the risk and that make it possible to demonstrate compliance.


Incident notification

In the event of a breach of data security that entails a risk to the rights and freedoms of the holders, the competent authority and the interested parties must be informed.

The maximum term is 72 hours from the moment the person in charge has proof of the incident.


What has ServiceTonic done to comply with GDPR?

ServiceTonic has revised its Privacy Policy and the Conditions of Use of its applications, adapted its internal work procedures, trained its employees and added the necessary functionalities to its software to ensure that both ServiceTonic and its customers can comply with the new European regulation as of May 25, 2018.

As of this date, the new Privacy Policy for ServiceTonic will be in force, along with the new Conditions of Use for ServiceTonic Cloud and ServiceTonic On-premise.

Both the new Privacy Policy and the new Conditions of Use clearly indicate how we collect your personal data and how we process it according to the new regulation. They also describe the roles of Responsible and Manager of handling that your organization and ServiceTonic will have, respectively.


What do I have to do to work with ServiceTonic in a way compatible with GDPR?

Keep in mind that both your company and ServiceTonic have obligations and requirements to comply with GDPR.

If your company keeps personal data of people residing in EU countries, your company is classified under GDPR as Responsible for the handling of such data. This means that it will have some additional obligations, including securing the rights of the owner of that data. It is important that you understand your responsibilities well and request external advice if you deem it appropriate.

If your company uses ServiceTonic in cloud mode and stores personal data of residents of EU countries in ServiceTonic, then ServiceTonic will be classified under GDPR as Data Processing Manager.

In the new Privacy Policy and Conditions of Use of ServiceTonic Cloud that will take effect as of May 25, 2018, this scenario is already contemplated.


How to manage the rights of the owner of the data with ServiceTonic?

ServiceTonic customers may exercise the rights related to the personal data stored in our solution according to the new regulation as follows:

  • Access: Your client can ask you what personal data you store, where you store it and what handling you give it.
  • Rectification: If you or your client need to update or revise any personal data stored in ServiceTonic, you can do so in the application.
  • Limitation of handling: If you or your client believe that some personal information is not correct or has been collected in an unlawful way, you can limit the use of that personal information.
  • Opposition: If you or your client decide that certain personal data should no longer be used for sending commercial communications, you can specify it in ServiceTonic.
  • Portability: ServiceTonic allows you to move your data to other applications at any time.
  • Suppression (Right to be forgotten): If you or your client need to cancel personal data stored in ServiceTonic, you can do so in the application.


What functionalities and features does ServiceTonic software include to help your organization comply with GDPR?

  • Update, delete and manage the processing of personal data: ServiceTonic allows you to store personal data in several sections of the application, including user contact data, ticket content and agent data. ServiceTonic allows you to update or eliminate these data or limit their handling through different functionalities available in the application.
  • Publication of your Privacy Policy: As the Person in charge of the handling of the personal data that you store in ServiceTonic, you can now publish your Privacy Policy in ServiceTonic. ServiceTonic provides by default a privacy policy template that can be adapted or replaced by the client’s own.
  • Information about the use of cookies: ServiceTonic incorporates functionality to publish the notice of use of cookies in the application.
  • Acceptance of Privacy Policy in registration of new users: ServiceTonic allows you to activate the Privacy Policy acceptance box in the registration of new users.
  • Request for explicit consent for commercial communications: If your organization plans to send commercial communications to people who have registered as users in your ServiceTonic, it can now activate the explicit consent request in the registration form and process the communications according to what the user has indicated.
  • Location of data: For ServiceTonic Cloud customers, the personal data that your organization stores in ServiceTonic will be physically stored on the ServiceTonic servers located in the high-availability, ISO-27001-certified data center of the company Hetzner (www.hetzner.de) in Germany. ServiceTonic on-premise clients host ServiceTonic on their own servers.
  • Encrypted data transmission: ServiceTonic Cloud incorporates by default the encrypted transmission of data over the Internet through the use of 2048-bit certificates. ServiceTonic on-premise customers can include the use of SSL certificates in their installation.
  • Password policy: Although the new regulation does not provide explicit guidelines on the password policy to be applied, ServiceTonic is preparing a functionality that will allow each company to configure its own password management policy in its ServiceTonic.



If you or your customers have questions about the use of ServiceTonic according to the new European regulation, please contact us:

Contact us

We will be happy to assist you.