GDPR stands for the General Data Protection Regulation, an EU law that came into effect on May 25, 2018, and sets the rules for anyone handling personal information about EU residents.
Protecting your data is our top priority here at OnePageCRM. We believe in being transparent about the way we handle data and ensure its security and privacy.
We have developed a comprehensive GDPR compliance strategy to make sure that OnePageCRM and its users meet the requirements of the GDPR.
Some significant steps OnePageCRM has taken to align its practices with the GDPR include:
Below, we explain the core areas of OnePageCRM’s GDPR compliance strategy.
When you store or manage your contact’s personal data in a OnePageCRM account, you are the controller of this data (the entity that decides how and why information is processed), while OnePageCRM is the processor (service provider) that processes personal data on your behalf.
OnePageCRM can be used by companies or by individual users. When you create an account with your corporate email address or are added to an existing company’s account, your company is the controller of that information.
Your company or organization is responsible for the accounts associated with that company or organization. The account owner/administrator can restrict, suspend, or terminate your access to the services or information in OnePageCRM. Your company can access information about you within the account, retain information stored with us, and restrict your ability to edit, modify, or delete information associated with your use of our services.
Collecting specific personal data is necessary when we need to perform the contract we are about to enter into or have entered into with you, or when we need to comply with a legal or regulatory obligation, e.g., financial data and billing. We collect data where it is necessary for our legitimate interest and your interests and where fundamental rights do not override those interests.
Data we collect for a legitimate purpose helps us to:
From time to time, you may voluntarily provide us with information when you interact with us, e.g., during webinars, user research, or interactions with our support team, which may include:
The GDPR requires organizations to use a recognized legal mechanism to transfer data from the European Economic Area (EEA) to countries that do not have a similar data protection framework. To fulfill a range of our business functions, we use third-party service providers to whom we transfer necessary personal information.
OnePageCRM has established a process for onboarding third-party service providers to ensure an adequate level of protection of personal data transferred outside the EEA.
OnePageCRM uses appropriate technical and operational safeguards for cross-border transfers of personal data collected in the EEA. We are constantly updating and improving our safeguards. You can learn more about our security measures here.
The GDPR gives individual data subjects the rights to access, delete, and rectify personal data. OnePageCRM facilitates data subject requests consistent with the GDPR, as further described in our help guide.
OnePageCRM’s compliance efforts are supported by comprehensive training within the company. We provide department-specific training on data privacy and security during the onboarding process and on a regular basis afterwards.
More information about data privacy and OnePageCRM can be found in our Knowledgebase.