In today’s digital landscape, safeguarding personal data and privacy is paramount. The General Data Protection Regulation (GDPR) serves as a fundamental mechanism in protecting these rights, ensuring that companies respect and secure the personal information of individuals within the European Union (EU). At Actioner, we recognize the critical importance of the GDPR and place the privacy and security of our end users' data at the forefront of our service offerings. We are proud to be an active participant in the Data Privacy Framework (DPF), holding certifications for the EU-U.S. Data Privacy Framework, its UK Extension, and the Swiss-U.S. Data Privacy Framework. We believe in the value of transparency regarding our data transfer practices. Therefore, we remain committed to maintaining our Data Processing Addendum, conducting Transfer Impact Assessments, and managing our sub-processors diligently. This ensures that our customers can confidently utilize our Services from any location.
What is GDPR?
The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It was designed to give individuals in the EU more control over their personal data and to unify various data privacy laws across Europe. GDPR impacts any organization, regardless of location, that processes the personal information of EU residents. Key principles of the GDPR include consent, transparency, right to access, data portability, and the right to be forgotten, among others.
GDPR Compliance and Data Privacy
At Actioner, we are fully committed to upholding the standards set by GDPR and ensuring that the privacy and security of our users’ data are treated with the utmost importance. Here’s how we align our operations with GDPR and prioritize data privacy:
- Transparency and Consent: We believe in maintaining complete transparency with our users regarding the collection, use, and management of their data. Prior to processing personal data, we ensure that clear consent is obtained, providing users with informed choices about their data.
- Data Protection by Design: Our platform is built with privacy and security at its core. From the early stages of product development, we implement robust security measures to protect against data breaches and unauthorized access, aligning with the GDPR’s principle of 'privacy by design'.
- User Rights: In line with GDPR requirements, we empower our users with several rights concerning their personal data. These include the right to access their data, rectify inaccuracies, delete their information, restrict processing, and more. Our Privacy Policy outlines these rights in detail, ensuring our users can easily exercise them.
- Data Minimization and Purpose Limitation: We adhere to the principles of data minimization and purpose limitation, ensuring that only necessary data is collected for clearly defined purposes. Our data handling practices are structured to prevent the collection and retention of unnecessary user data.
- Security and Compliance: Recognizing the importance of data security, we have implemented comprehensive measures, including encryption, secure data storage, and regular audits, to protect our users' data. Our Data Protection Policy and Network Security Policy detail our approach to maintaining high security and compliance standards.
- Vendor Management and Third-Party Assessments: Understanding that our service ecosystem involves various third parties, we rigorously assess and monitor our vendors to ensure they meet GDPR standards. Our Vendor Management Policy outlines the criteria for vendor assessment, emphasizing data protection and security as key factors. The list of our sub-processors are available on our website.
- Continuous Improvement: At Actioner, we continuously review and update our privacy practices and policies to adapt to new regulations, technological advancements, and best practices in data protection. This ongoing commitment ensures that our users' data remains secure and their privacy respected.
Data Life-Cycle and Subject Rights
Our tools help customers meet obligations under the GDPR right to be forgotten / erased clause by making it easy to delete your data from Actioner services and its sub-processors.
- Workspace admins can remove the access of a user from their workspaces through the User Management console. In this case, all data that was stored within the scope of the removed user is deleted from Actioner and its sub-processors. This is an automated process and may take up to 24 hours.
- When a user is removed from all Actioner workspaces that they were invited to, all personal data that was stored within the scope of the user is deleted from Actioner and its sub-processors. This is an automated process and may take up to 24 hours.
- Workspace admins can facilitate the workspace deletion through the Workspace Settings console. In this case, all users are removed from the workspace and all data that was stored within the scope of the workspace is deleted from Actioner and its sub-processors. The automated process starts after 72 hours, in which the action can be undone by the workspace admin. When the process starts, it may take up to 48 hours.
- People who have provided their personal data or had their personal data provided to Actioner, but do not have Actioner accounts, may also initiate a request for deletion via support@actioner.com or Actioner Contact page.
- The automated processes above are applicable regardless if the data is Personal Identifiable Information (PI) or not.
- Workspace admins can facilitate access of all their data, including the end-user profile data, via support@actioner.com or Actioner Contact page.
- End users can facilitate access of their personal data via support@actioner.com or Actioner Contact page.
- People who have provided their personal data or had their personal data provided to Actioner, but do not have Actioner accounts may also initiate a request for access via support@actioner.com or Actioner Contact page.
Conclusion
In conclusion, GDPR is not just a regulatory requirement for us at Actioner; it is a reflection of our core values in prioritizing the privacy and security of our users. We are dedicated to providing transparent, secure, and user-centric services, empowering our users to control their personal data confidently. Trust, respect, and responsibility guide our approach to data protection, ensuring that your privacy is always at the forefront of what we do.
Additional Resources
