Effective August 18, 2020
For the previous version of this document click here.
The privacy and security of personal data and other information has always been our top priority. We regularly review our systems and processes to address compliance with the GDPR.
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that mandates how an organization should handle personal data. The GDPR came into effect on May 25, 2018.
The GDPR is aimed at giving individuals (known as data subjects) throughout the European Economic Area (EEA) (which includes all of the EU Member States as well as Iceland, Liechtenstein and Norway) and the United Kingdom (UK) control over their personal data and how it is used.
The GDPR (and the UK equivalent) applies to organizations based in the EEA and the UK. The GDPR (and the UK equivalent) also applies to organizations outside of the EEA and the UK to the extent that they provide goods or services to individuals located in the EEA or the UK or monitor the behavior of individuals located in the EEA or the UK.
The specifics of how personal data is processed, collected, stored, and deleted by product can be found in our Data Processing Addendum that you may request from us at any time. In addition to our addendum, we have implemented several tools to help our customers remain GDPR compliant:
As a customer, you operate as the data controller, and we are considered a data processor. These terms are defined in the GDPR. As the data controller, you are responsible for ensuring that the personal data you share with us, or which we process or handle on your behalf, is processed lawfully and in accordance with the requirements of the GDPR. As a data processor, we also have obligations under the GDPR, though they are more limited.
At ServiceRocket, we try very hard to minimize the amount of personal data we collect from you. We collect only basic personal data required to perform the requested services for you.
Yes. We retain basic user contact information to communicate with our customers about product and security updates, relevant marketing, training and events. All our web pages and all our communications to you regarding training, marketing and events contain unsubscribe links.
The data collected on our Marketplace is hosted by AWS. Their data centers are in the USA. This data remains in the USA.
We have received certification for SOC2 Type 2. Our marketplace is also PCI compliant. You may request a copy of our SOC2 Report by contacting us at any time at firstname.lastname@example.org
If you wish to erase, obtain a copy of, edit or update your personal data, you need to use this form to place your request. If you want to erase your data, we have a process to permanently anonymize the data.