Repsly takes your data privacy and security seriously and is committed to transparency and compliance. This is an ongoing commitment that requires us to regularly update our technology, policies, and procedures.
- Why we made these changes.
- What is GDPR and who does it apply to?
- What we have done to comply with GDPR.
- What this means for you.
- Tips for disclosing your privacy practices.
- We have rewritten some sections to be easier to understand with user-friendly language.
- We have provided even more transparency on what personal data we collect about you, how we use it, share it, store it, and of course how we secure it.
- We clarify how you can access and control personal information.
- We have included a list of 3rd party data processors.
- We have clarified the roles and responsibilities for data privacy.
You can review our Data Processing Agreement in detail here: https://www.repsly.com/dpa-terms.
Why we made these changes.
We are a global company that embraces how technology and regulations change over time. Our policy is to evolve with them and to respect all laws that apply to our business across the world.
On May 25, 2018, the European Union (EU) is putting in place new legislation to strengthen the security and protection of personal data of EU citizens. It is referred to as the General Data Protection Regulation (GDPR), and it required us to make some changes to achieve compliance.
What is GDPR and who does it apply to?
The GDPR is new EU legislation that replaces the old EU Data Protection Directive (“Directive 95/46/EC”) as of May 25, 2018. It is designed to help people better understand what personal data is collected and what is done with it, to give EU citizens more control over its use, and to unify regulations across all of the EU. When we say “personal data” or “personal information” we are referring to any information relating to an identifiable person.
The GDPR applies to any organization that collects, transmits, hosts or analyzes the personal data of EU citizens regardless of where they are physically located. It applies to Repsly and may also apply to your organization.
For more information, please visit: https://www.eugdpr.org/
What we have done to comply with GDPR.
We have made updates to our programs, processes, and application functionality to comply with GDPR. Here are some of the updates:
- We have reviewed all vendors (including our data center partners) who act as sub-processors of Repsly data, audited their approach to GDPR, and entered into Data Protection Agreements (DPAs) where necessary. Of note, Repsly only discloses Service Data to third parties where disclosure is necessary to provide the services or as required to respond to lawful requests from public authorities.
- Ensured compliance with data transfer procedures with high security standards.
- Made changes to our application functionality including:
  - Made clearer to users in the web-app and our mobile apps that they are responsible for ensuring compliance with GDPR when setting the system up and capturing data; this includes the use of custom forms and contact information associated with a place.
  - Outside of GDPR requirements, we have improved application security by obfuscating Representative passwords.
- We have made updates to internal policies and procedures to:
  - Notify regulators and promptly communicate to customers and users in the event of a data breach.
  - Ensure that all employees authorized to process personal data have committed to confidentiality.
  - Respond to customer requests for particular personal information, and assist our customers (as necessary) if they should have to respond to requests themselves.
What this means for you.
The GDPR legislation and the updates we have made represent positive continual updates to technology, policies, and procedures to better care for and safeguard your personal information.
Here are some of the ways you may be affected:
- As a user of Repsly, you have certain rights. Here are some things you may request:
  - A copy of the personal information we’ve collected about you or that you have provided us for the use of our products and services.
  - That we stop, at any time, using your personal information for certain purposes, including sending you direct marketing messages (even if you have given us consent in the past).
  - That we provide you the ability to amend or delete your personal information. You have the right to be forgotten.
- Similar to Repsly, you may also be responsible for ensuring GDPR compliance for your organization; especially around personal information of people that you may collect in and outside of Repsly. To help you determine how GDPR may affect your business, there are many resources to help you including the official EU GDPR website (https://www.eugdpr.org/) and information published by regulators in the individual member states of the EU.
- Because you are gathering and collecting information in Repsly, you are responsible for ensuring GDPR compliance for any personal information you gather or collect using the solution. If you must respond to a request or remove personal information that you entered into Repsly, we will ensure that you have a mechanism to do so. If you need assistance, please reach out to firstname.lastname@example.org.
- Repsly will make you aware of and report to the proper authorities any personal data breaches that we detect.
- You may be asked to appoint a designated contact for your account for issues that may arise related to data processing.
Tips for disclosing your privacy practices.
Privacy statements should detail at least the following things:
- What personal information you are collecting and whether you are collecting the information anonymously. Also, how you are tracking personal information (by email address, name or something else). Outline the types of personal information you will be collecting.
- Why you are collecting their personal information and what you plan to do with it.
- Whether their personal information will be disclosed to anyone else.