GDPR stands for the General Data Protection Regulation, an EU law that came into effect on May 25, 2018, and sets the rules for anyone handling personal information about EU residents.
Protecting your data is our top priority here at OnePageCRM. We believe in being transparent about the way we handle data and ensure its security and privacy.
We have developed a comprehensive GDPR compliance strategy to make sure that OnePageCRM and its users meet the requirements of the GDPR.
Some significant steps OnePageCRM has taken to align its practices with the GDPR include:
- Implementation of technical and organizational measures in line with the GDPR to safeguard the personal data processed by OnePageCRM.
- Revisions to our terms and privacy policies to improve clarity and transparency.
- Enhancements and ongoing monitoring of our security practices and procedures.
- Audit, minimization and mapping of the data we collect, use, and share.
- Regular training for employees in relation to privacy and security.
- Addressing data subject rights and creating our response plan.
Below, we explain the core areas of OnePageCRM’s GDPR compliance strategy.
OnePageCRM as the data processor
When you store or manage your contacts' personal data in a OnePageCRM account, you are a controller of this data (the entity that decides how and why information is processed) while OnePageCRM is the processor (service provider) that processes personal data on your behalf.
OnePageCRM can be used by companies or by individual users. When you create an account with your corporate email address or are added to an existing company’s account, your company is the controller of that information.
Your company or organization is responsible for the accounts associated with that company or organization. The account owner/administrator can restrict, suspend, or terminate your access to the services or information in OnePageCRM. Your company can access information about you within the account, retain information stored with us, and restrict your ability to edit, modify, or delete information associated with your use of our services.
OnePageCRM as the data controller
Collecting specific personal data is necessary when we need to perform the contract we are about to enter into or have entered into with you, or when we need to comply with a legal or regulatory obligation, e.g., financial data and billing. We collect data where it is necessary for our legitimate interest and your interests and where fundamental rights do not override those interests.
Data we collect for a legitimate purpose helps us to:
- Develop and improve our products or services.
- Administer and protect our services.
- Communicate important updates that are relevant to users.
From time to time, you may voluntarily provide us with information when you interact with us, e.g., during webinars, user research, or interactions with our support team, which may include:
- Your questions, requests and responses to our support team.
- Information you send us in surveys or research studies, if you choose to participate.
- Identity data for verification purposes.
- Audio or screenshots, if you participate in support calls and do not opt out of call recording.
International Data Transfers
The GDPR requires organizations to use a recognized legal mechanism to transfer data from the European Economic Area (EEA) to countries that do not have a similar data protection framework. To fulfill a range of our business functions, we use third-party service providers to whom we transfer necessary personal information.
OnePageCRM has established a process for onboarding third-party service providers to ensure an adequate level of protection of personal data transferred outside the EEA.
OnePageCRM uses appropriate technical and operational safeguards for cross-border transfers of personal data collected in the EEA. We are constantly updating and improving our safeguards. You can learn more about our security measures here.
Your rights under the GDPR
The GDPR gives individual data subjects the rights to access, delete, and rectify personal data. OnePageCRM facilitates data subject requests consistent with the GDPR, as further described in our help guide.
OnePageCRM's compliance efforts are supported by comprehensive training within the company. We provide department-specific training on data privacy and security during the onboarding process and on a regular basis afterwards.
More information about data privacy and OnePageCRM can be found in our Knowledgebase.