Introducing: GDPR-Driven Policy & Product Updates
At Reply.io, we take your security and privacy seriously.
To comply with the upcoming GDPR, we’re committed to ensuring that we and our customers adjust to the scope of the changes by being transparent about our practices and how we protect data and privacy.
To improve security safeguards and support needed processes, we have already implemented (or will complete implementation by May 25, 2018) multiple changes to our services.
To be fully compliant with the new regulations, we applied for the EU-US and Switzerland-US Privacy Shield programs, which cover the transfer of data between the EU and the US.
A new Trust page will be a place to educate customers and prospects and serve as a starting point to submit requests and initiate internal processes related to the rights of the data subjects under GDPR and Privacy Shield regulations.
New roles (Data Protection Officer and EU representatives) and processes will be in place to help us and our customers become compliant with the requirements of GDPR and EU-US Privacy Shield regulations.
According to GDPR, these rights/processes include:
- Access to personal data about a subject.
- Correction of incorrect personal data.
- Object to processing personal data on the platform.
- Delete personal data.
- Transfer data to another processor or controller.
- EU-US Privacy Shield related.
- Clearly stated rights, such as the ability to understand how personal data is profiled or automatically processed.
- Ability to file a complaint with GDPR or EU-US Privacy Shield authorities.
Reply will act as the controller (regarding personal data of our customers) and processor (for the data of our customers' customers and prospects), acting promptly on any request and helping our customers be compliant to the greatest extent possible.
Moreover, we expect to automate most of these processes and provide necessary improvements both on process and product sides.
All personal data, where Reply acts as a processor, is stored in the Microsoft Azure cloud, which is a secured environment supported 24/7, 365 days a year.
We’ve implemented Azure Key Vault technology that enables a higher level of security regarding access to data.
Also, only limited personnel (and in limited cases, like providing support investigations or alert shifts) have access to such data.
Personal data (including texts) in the cloud, as well as all other details regarding customers, are encrypted by default.
All passwords and login credentials (including access to customer email accounts for the service to process) are encrypted.
We constantly monitor and address possible security vulnerabilities – this year, 10+ such fixes were deployed.
Administrative features have been implemented to delete and export personal data within Reply on request.