Richpanel GDPR Compliance
What is GDPR?
GDPR stands for General Data Protection Regulation. It is a set of rules designed to give EU citizens more control over their personal data and is the core of Europe’s digital privacy legislation. GDPR compliance requires organisations to ensure that personal data is gathered legally and under strict conditions, to protect it from misuse and exploitation, and to respect the rights of data owners.
We have processes in place to rectify any errors or inaccuracies in the personal data of the data subjects, either of our own accord or when specifically required by the data subject. This, however, must not conflict with the intellectual property of the organisation.
Richpanel supports the Right To Be Forgotten. We ensure the rights of the data subjects to delete their personal data if the data is unlawfully processed, no longer needed, collected without consent or is that of a minor. This right also holds in matters of any legal proceeding or any other obligation under the GDPR compliance.
We follow protocols to restrict the processing and/or use of data if the data subjects raise such a request. This could be in events like inaccuracy of data, unlawful processing or any form of legal proceeding.
Richpanel provides the functionality to export all the data from its tool. In the admin panel section there is an export to CSV functionality that can export your data. Data created or collected as an outcome of analytics & insights is not subject to the above as it is not provided by the data subject. Richpanel may choose to not store or to delete certain data in due course & hence may not have that data available to be ported.
Data Collection & Processing
Richpanel believes in honest & transparent communication with its users. We ensure that the knowledge of all the data collected or processed by us is made available to our users. Strict & best-practice measures are taken to ensure the security & lawful use of this data.
Richpanel has the following entities that may collect, display or use information of data subjects:
Data can be collected from these Richpanel entities via mediums like tracking pixels, UTM parameters, cookies or directly from the data subject using form submissions. Richpanel does this to make data-driven decisions in improving its solutions & customer experience, thereby adding more value to the user.
Third Party Processors
Richpanel also uses several Third Party Tools/Services that collect & process user data. Here are the details:
Data Storage – Method & Location
Richpanel believes in a user’s right to know where their data is stored & processed. Here are the details:
| Data Type | Processor | Purpose of Data Collection | Location |
|---|---|---|---|
| Richpanel App data like ticketing, chats, customer messages, email addresses, phone numbers, and other personal information | Amazon Web Services | We store emails, chats, messages & comments and end-user data (the customers of our customers) for providing better service. As a standard protocol, we automatically remove Credit Card numbers, IBAN, SSN and other sensitive private information. | US West |
| App attachments – our customers’ and end-users’ file attachments | Amazon Web Services | When you send an email we store the attachment in AWS S3 so we can serve it to the end-user and vice-versa for our own customers. | US West |
| Backups of Richpanel App | Amazon Web Services | In the unlikely event of any major data loss we have measures to recover our main database created with regular backups. The data is stored in EBS Volumes. | US West |
Richpanel stores the data of customers with a paid subscription as well as those using the free/trial version.
For free/trial users, once the trial period is completed and they do not wish to convert it into a paid subscription, we retain their data for 60 days, just in case they decide to use the product again. For paid subscribers, if the contract is terminated (by the user or us), we again retain the data for 60 days, just in case the contract is renewed. However, if the customer officially asks us to delete the data (after contract termination), we do it right away.
However, exceptions can be made in events like legal issues or billing or accounting issues.
Once an account is marked as deactivated, we initiate the deletion process. 60 days after deactivation, we mark it as ‘Up For Deletion’. 15 days after this we permanently delete the data from our database and other storages.
The above deletion process is the default behavior, but on our customer’s request we can accelerate their data removal so that it takes up to a few hours.