With the new GDPR rules fast approaching, InventoryBase is committed to ensuring full compliance and confidence to all of their customers
The General Data Protection Regulations (GDPR) will supersede all existing data protection laws on 25th May 2018. GDPR will affect all businesses – including those across the lettings industry.
Here at InventoryBase, we deal with tonnes of data – not only for our clients but our clients’ customers, their suppliers, our suppliers and so on. As a technology provider, we pride ourselves on being super secure and compliant, to give our customers the utmost confidence in using our products and services within their businesses.
Take a look at how InventoryBase works to protect your data and how we use the information that we hold:
What data is held and where?
When we process a new customer signup, we collect a name, email address, telephone number and optional company name.
This data is distributed to:
- Our Platform database to create the User Account. Hosted by Amazon in Ireland (see Amazon Web Services & GDPR)
- Email server (Omitting telephone numbers) as a registration email copy. Hosted by Google (See Google & GDPR)
- Transactional email is sent via Postmark
- Our internal CRM system, for logging sales and customer service notes and tracking deals.
- Our Newsletter system, collecting email addresses to add to our ‘All Subscribers’ list . Hosted by Mailchimp (See Mailchimp & GDPR)
- Internal Spreadsheets (Name and company only)
- Cloud Storage (Hosted by Google and Dropbox. See Dropbox & GDPR)
Who has access to this data
Data is strictly accessible by Radweb employees only, specifically for the purposes of supporting the software and customer.
People who handle customer information within the business fall into 3 categories:
- SysOps – Full unrestricted access to databases, servers and accounts with customer information and data for the purposes of sales and support
- DevOps – Restricted access to databases and servers with customer information and data for the purposes of support
- BizOps – Limited access to accounts with customer information and data for the purposes of Sales, Marketing or Support.
How we are complying with GDPR
- Right to be forgotten – You may cancel and terminate your InventoryBase account at any time. If you terminate your account, you will be offered to permanently erase all of your data. After receiving a request to be forgotten, we will permanently delete your account and all data associated with it within 30 days of receiving the request.
- Right of portability – If requested, we will export your data so it can be transferred to a third party. You’re also able to keep copies of your reports as PDF for each report you complete.
- Right to object – At any time, you may object (via opt out) to your personal data being used for specific purposes such as direct marketing, research, etc, via your InventoryBase Account Profile.
How InventoryBase will help you to comply with GDPR
GDPR expands privacy protections and rights to your customers too. InventoryBase will help you comply with requests you receive that fall under GDPR regulations:
- Right to rectification – You can update Client and Contact information at any time. Your contacts can reach out to InventoryBase directly and we’ll correct or delete that information for them.
- Right to be forgotten – If you receive a request to be forgotten, you’re able to delete a contact, which permanently removes their information from your account. If your contact reaches out to us directly with a valid request, we’ll notify you about the request and delete the contact’s data from your account, or across all InventoryBase accounts, if requested, in order to comply with GDPR.
- Right of portability – If your contact requests their personal data, you can export or print their data from your browser, which we make available to you via a secure connection.
What changes we are making for full compliance
- Our CRM system – When we receive a request to be forgotten, or we are simply no longer using particular records, we will permanently erase that data on our CRM system.
- Our Newsletter system – When we receive an Account Signup or a Subscription Signup, we will email the customer a Double Opt-In request to be added to our Newsletter/Mailing List for receiving updates about InventoryBase and Radweb.
- Cloud Storage – When we receive a request to be forgotten, or we are simply no longer using particular records, we will permanently erase that data on all Cloud Storage Drives where that data is stored.
- Application changes –
- Profile opt-in to Communications
- Onboarding ‘Consent’ form
- Ability to delete contact info from archived reports
InventoryBase & InventoryBase Academy are committed to both protecting data of their own customers, as well as supporting suppliers and businesses within the industry on ensuring they are compliant with the new regulations.
InventoryBase Academy will be providing further free training and information on GDPR to assist not only our customers, but all of those within the industry on understanding and implementing GDPR practices.
Register here for our April Webinar– Comply & Protect: GDPR for Inventory Professionals and to receive further information.
For more information on InventoryBase and to start a free 14 day trial, visit inventorybase.co.uk