What has ServiceTonic done to comply with GDPR?
New European Regulation on Data Protection (GDPR/RGPD)
At ServiceTonic we always respect your privacy and the privacy of the data that our customers can store in our solutions.
On this page you will find general information about the new General Data Protection Regulation and how ServiceTonic has adapted to it. This information is useful both for our customers and for companies that are evaluating our solution and wish to use it in accordance with the new regulation.
What is the new European Regulation?
It is Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, relating to the protection of natural persons, known as RGPD, or GDPR by its English abbreviation. GDPR is mandatory as of May 25, 2018.
- Extends the rights of European citizens
- Establishes new obligations for companies
- Introduces the principle of Proactive Liability
Who is affected?
The European Regulation affects all companies, bodies or public authorities that process personal data of European citizens.
Does it apply outside the European Union?
Yes, the RGPD extends its territorial application to organizations established outside the EU that process data of European citizens in order to offer them goods and services.
What is personal data?
Any information related to identified or identifiable individuals.
For example: name, address, geolocation, health information, biometric data.
Is all data the same?
The RGPD distinguishes between basic data and high-risk special category data.
Special category data is sensitive data about the most intimate sphere of a person's life. For example: health, ideology, religion, etc.
How does it affect people?
Citizens will have new rights and greater control and information about the processing of their personal data.
Right to information
The RGPD expands the information that must be provided to the interested parties.
It specifies that this must be done in a concise, intelligible and easily accessible form, using clear and simple language.
Rights that give people more control over their personal data are incorporated. The person in charge must make it easy for the holders of the data to exercise these rights.
The rights include: Access, Rectification, Opposition, Limitation of handling, Suppression (Right to be forgotten), Portability.
How does it affect companies?
New obligations based on Proactive Liability are established. This principle is based on prevention and requires that appropriate technical and organizational measures be applied to guarantee and demonstrate compliance with GDPR.
Consent must be express: it must be obtained in a free, specific, informed and unambiguous form, through a positive action.
Responsible Individual – Manager
The Responsible is the party that determines the purposes, means and conditions of the processing of personal data.
The Manager carries out the processing of data in the name and on behalf of the Responsible.
The contracts between the Responsible and the Managers of the data handling must be updated according to the requirements of the new Regulation.
GDPR requires measures that guarantee a level of security adequate to the risk and that make it possible to demonstrate compliance.
In the event of a breach of data security that entails a risk to the rights and freedoms of the holders, the competent authority and the interested parties must be informed.
The maximum term is 72 hours from the moment the person in charge has proof of the incident.
What has ServiceTonic done to comply with GDPR?
What do I have to do to work with ServiceTonic in a way compatible with GDPR?
Keep in mind that both your company and ServiceTonic have obligations and requirements to comply with GDPR.
If your company keeps personal data of people residing in EU countries, your company is classified under GDPR as Responsible for the handling of such data. This means that it will have some additional obligations, including securing the rights of the owner of that data. It is important that you understand your responsibilities well and request external advice if you deem it appropriate.
If your company uses ServiceTonic in cloud mode and stores personal data of residents of EU countries in ServiceTonic, then ServiceTonic will be classified under GDPR as Data Processing Manager.
How to manage the rights of the owner of the data with ServiceTonic?
ServiceTonic customers may exercise the rights related to the personal data stored in our solution according to the new regulation as follows:
- Access: Your client can ask you what personal data you store, where you store it and what handling you give it.
- Rectification: If you or your client need to update or revise any personal data stored in ServiceTonic, you can do so in the application.
- Limitation of handling: If you or your client believe that some personal information is not correct or has been collected in an unlawful way, you can limit the use of that personal information.
- Opposition: If you or your client decide that certain personal data should no longer be used for sending commercial communications, you can specify it in ServiceTonic.
- Portability: ServiceTonic allows you to move your data to other applications at any time.
- Suppression (Right to be forgotten): If you or your client need to delete personal data stored in ServiceTonic, you can do so in the application.
What functionalities and features does ServiceTonic software include to help your organization comply with GDPR?
- Update, delete and manage the processing of personal data: ServiceTonic allows you to store personal data in several sections of the application, including user contact data, ticket content and agent data. ServiceTonic allows you to update or delete these data, or limit their handling, through different functionalities available in the application.
- Request for explicit consent for commercial communications: If your organization plans to send commercial communications to people who have registered as users in your ServiceTonic, you can now activate the explicit consent request in the registration form and process the communications according to what the user has indicated.
- Location of data: For ServiceTonic Cloud customers, the personal data that your organization stores in ServiceTonic will be physically stored on the ServiceTonic servers located in the high-availability, ISO-27001-certified data center of the company Hetzner (www.hetzner.de) in Germany. ServiceTonic on-premise clients host ServiceTonic on their own servers.
- Encrypted data transmission: ServiceTonic Cloud incorporates by default the encrypted transmission of data over the Internet through the use of 2048-bit certificates. ServiceTonic on-premise customers can include the use of SSL certificates in their installation.
- Password policy: Although the new regulation does not provide explicit guidelines on the password policy to be applied, ServiceTonic is preparing a functionality that will allow each company to configure its own password management policy in its ServiceTonic.
If you or your customers have questions about the use of ServiceTonic according to the new European regulation please contact us:
We will be happy to assist you.