Pipeliner & GDPR?
Pipeliner is compliant with GDPR since it became enforceable on May 25th 2018
Pipeliner invested time, money and resources to make sure all the pieces are in place when GDPR came into effect:
- We worked with external GDPR Experts who specialize in compliance, gathering information, and making the needed investments as required by law.
- We worked with our Customers around the world to answer their questions and to help them prepare for using Pipeliner’s Services once GDPR came into effect
- We reviewed Pipeliner’s Current Products and Services to ensure we support our customers with their GDPR compliance requirements.
Pipeliner’s GDPR Commitment
We are committed to always operating in the best interests of our customers and this includes compliance with GDPR.
Similar to existing privacy laws, compliance with GDPR requires a partnership between Pipeliner and our customers in their use of our services. Pipeliner will comply with GDPR in the delivery of our service to our customers.
#1: About GDPR and the Pipeliner Commitment
What is the GDPR?
The General Data Protection Regulation (“GDPR”) is a new European privacy regulation which will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal dataData Data is a set of quantitative and qualitative facts that can be used as reference or inputs for computations, analyses, descriptions, predictions, reasoning and planning. in the EU and harmonize EU data protection law.
The General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, provides data subjects with an array of privacy rights, which provide individuals with greater transparency into and control over uses of their personal information.
To whom does the GDPR apply?
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
#2: GDPR Key Principles
Several major principles underpin many of the requirements found in the GDPR in regards to controlling and processing the personal data:
- Fairness and Transparency – Organizations must always process personal data lawfully, fairly, and in a transparent manner.
- Purpose Limitation – Organizations can collect personal data only for specified, explicit, and legitimate purposes. They cannot further process personal data in a manner that’s incompatible with those purposes.
- Data Minimization – Organizations can collect only personal data that’s adequate, relevant, and limited to what’s necessary for the intended purpose.
- Accuracy – Personal data must be accurate and, where necessary, kept up to date.
- Data Deletion – Personal data must be kept only for as long as it’s needed to fulfill the original purpose of collection.
- Security – Organizations must use appropriate technical and organizational security measures to protect personal data against unauthorized processing and accidental disclosure, access, loss, destruction, or alteration.
- Accountability – A data controller is responsible for implementing measures to ensure that the personal data it controls is handled in compliance with the principles of the GDPR.
#3: Pipeliner as Data Controller vs Data Processor
In order to fully understand who is responsible for which personal data, you need to understand the difference between the data processor and the data controller.
- Data processor – you are the data processor when you process personal data on behalf of a data controller.
- Data controller – you are the data controller when you decide the “purposes” and “means” of any processing of personal data.
Pipeliner as a Data Processor
The people you store in Pipeliner CRM as Contacts are your data subjects, and you are considered the data controller for this personal data.
Using the Pipeliner app to manage your customers means that you have engaged Pipeliner as a data processor to carry out certain processing activities on your behalf.
According to Article 28 of the GDPR, the relationship between the controller and the processor needs to be made in writing (electronic form is acceptable under subsection (9) of the same Article).
Pipeliner as the Data Controller
Additionally, Pipeliner acts as the data controller for the personal data we collect about you, the userUser User means a person who uses or consumes a product or a service, usually a digital device or an online service. of Pipeliner CRM products portfolio including website, desktop app, mobile apps.
The data we process about you:
- We process your personal data necessary for us to perform our contract with you (GDPR Article 6(1)(b))
- We process your personal data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.
- We process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).
Please also note: In the unlikely event of a data breach, Pipeliner will inform affected customers no later than 72 hours after becoming aware of it in accordance with Article 33 of GDPR.
#4: Individual Rights
The GDPR grants you a number of rights regarding how Pipeliner handles your personal data.
- Data Access – You have the right to confirm with Pipeliner whether Pipeliner is processing your personal data.
- Right to Object – You can in certain cases object at any time to the processing of your personal data, in particular if the processing is for direct marketingMarketing Marketing is the field, set of actions, or practice of making a product or service desirable to a target consumer segment, with the ultimate aim of effecting a purchase. purposes.
- Data Rectification – You can request Pipeliner to correct or complete personal data if the data is inaccurate or incomplete.
- Restriction of Processing – You can request Pipeliner to stop access to and modification of their personal data.
- Data Portability – In certain cases, you have the right to ask Pipeliner to provide their personal data in a structured, commonly used, and machine-readable format (for example, a .csv file) so that you can transmit your own personal data to another company.
- Right to Erasure – Also known as “the right to be forgotten,” this right empowers you to request that Pipeliner delete or remove your personal data in situations such as the following:
- when the data is no longer needed for the original purpose,
- when the data subject withdraws consent,
- or when the data subject objects to the processing and the controller has no overriding legitimate interest in the processing.
If you have any questions or feedback, please reach out to our Pipeliner privacy team by email at firstname.lastname@example.org.
Please contact us if you have any questions about Pipeliner Legal Information and Resources.