GDPR

The GDPR stands for the General Data Protection Regulation, an EU law that came into an effect on May 25, 2018, and sets the rules for anyone handling personal information about EU residents.

Protecting your data is our top priority here at OnePageCRM. We believe in being transparent about the way we handle data and ensure its security and privacy. 

We have developed a comprehensive GDPR compliance strategy to make sure that OnePageCRM and its users meet the requirements of the GDPR. 

Some significant steps OnePageCRM has taken to align its practices with the GDPR include:

  • Implementation of technical and organizational measures in line with the GDPR to safeguard the personal data processed by OnePageCRM.
  • Revisions to our terms and privacy policies to improve clarity and transparency. 
  • Enhancements and ongoing monitoring of our security practices and procedures.
  • Audit, minimization and mapping of the data we collect, use, and share.
  • Regular training for employees in relation to privacy and security.
  • Addressing data subject rights and creating our response plan.

Below, we explain the core areas of OnePageCRM’s GDPR compliance strategy. 

OnePageCRM as the data processor

When you store or manage your contact’s personal data in an OnePageCRM account, you are a controller of this data (the entity that decides how and why information is processed) while OnePageCRM is the processor (service provider) that processes personal data on your behalf. 

The information that you store in your OnePageCRM account is subject to our Terms of Service, Data Processing Schedule, and Privacy Policy. Together they constitute a data processing agreement. These are your instructions to OnePageCRM to perform data processing on your behalf.

OnePageCRM can be used by companies or by individual users. When you create an account with your corporate email address or are added to an existing company’s account, your company is the controller of that information.

Your company or organization is responsible for the accounts associated with that company or organization. The account owner/administrator can restrict, suspend, or terminate your access to the services or information in OnePageCRM. Your company can access information about you within the account, retain information stored with us, and restrict your ability to edit, modify, or delete information associated with your use of our services.

OnePageCRM as the data controller

OnePageCRM is the data controller of the personal data we collect about you when you enter into a contract with us. For example, when subscribing to our services and/or using our website, web and mobile applications as specified in our Privacy Policy.

Collecting specific personal data is necessary when we need to perform the contract we are about to enter into or have entered into with you or when we need to comply with a legal or regulatory obligation e.g., financial data and billing. We collect data where it is necessary for our legitimate interest and your interests and where fundamental rights do not override those interests.  

Data we collect for a legitimate purpose helps us to: 

  • Develop and improve our products or services.
  • Administer and protect our services. 
  • Communicate important updates that are relevant to users. 

From time to time you may voluntarily provide us with information when you interact with us e.g., during webinars, user research, or interactions with our support team which may include:

  • Your questions, requests and responses to our support team.
  • Information you send us in surveys or research studies, if you choose to participate.
  • Identity data for verification purposes.
  • Audio or screenshots, if you participate in support calls and do not opt out of call recording.

International Data Transfers

GDPR law requires organizations to use a recognized legal mechanism to transfer data from the European Economic Area (EEA) to countries that do not have a similar data protection framework. To fulfill a range of our business functions we use third-party service providers to whom we transfer necessary personal information.

Standard Contractual Clauses (SCCs) serve as a valid legal mechanism for companies to transfer personal data outside the EEA. OnePageCRM uses the Standard Contractual Clauses with all of our sub-processors based outside the EEA. The list of our sub-processors can be viewed in f our Privacy Policy.

OnePageCRM has established a process for onboarding third-party service providers to ensure an adequate level of protection of personal data transferred outside the EEA. 

OnePageCRM uses appropriate technical and operational safeguards for cross-border transfers of personal data collected in the EEA. We are constantly updating and improving our safeguards.  You can learn more about our security measures here.

Please note that our Privacy Policy does not apply to the processing of your information by third parties, even if they are accessible through our third-party integrations. Please visit those third-party websites directly for more information on their privacy and data protection practices.

Your rights under the GDPR

The GDPR gives individual data subjects the rights to access, delete, and rectify personal data. OnePageCRM facilitates data subject requests consistent with the GDPR, as further described in our help guide.

Training

OnePageCRM compliance efforts are supported by comprehensive training within the company. We provide department-specific training on data privacy and security during the onboarding process and on a regular basis afterwards. 

More information about data privacy and OnePageCRM can be found in our Knowledgebase.

Or Call Sales (646) 762 1303
Have a question? Chat with us!