GDPR
General Data Protection Regulation
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. Below is what UPilot is doing towards it.
What We Do
| WHAT IT MEANS | STATUS | |
|---|---|---|
IP Addresses Anonymization |
 |
|
Encryption in Transit |
This is for data that is sent or transmitted to/from our platform | All data |
Encryption in Rest |
For data that is stored in our file servers | Personal data and special data* |
Encryption of Backups |
For data that is stored on our servers for backup and data recovery purpose | |
Standard Contractual Clauses |
As a data processor, our terms include the Standard Contractual Clauses (SCC) provided by the EU to legitimize all data transfers. A copy of the SCC, part of the privacy policy, is available here | |
Data Processing Agreement |
We prepared a standard data processing agreement which can be executed upon request to us | |
Data Separation |
We never send data outside the region in which it is originally agreed upon and stored | |
Vulnerability Scans |
We conduct external vulnerability scans on all public endpoints across our platforms – at least once a quarter. | |
Security policies and training |
We have strict policies/procedures and train all staff on security and privacy best practices | |
Data Retention period |
Trial users/accounts – Data will be removed after 180 days of the expiry of the trial period or earlier based on your request. Active accounts upon expiry – Data will be removed after 180 days of expiry or earlier based on your request. |
|
Access/Portability |
The user can request access to the personal data you have about them. Personal data is anything identifiable, like her name and email address. If they request access we will provide them in machine-readable format (e.g. CSV or XLS). | |
Email Sync Processing |
We do not use 3rd party solutions for UPilot’s email sync. And is compliant with encryption standards. | |
What you need to do
Many data protection and privacy regulations require you and your company to honour people’s requests about how you use their data. Some of the regulations that are important to many companies collecting and processing their customers’ data are listed below:
- General Data Protection Regulation (GDPR), European Union
- Gramm-Leach-Bliley Act (GLB Act), United States
- Canada’s Anti-Spam Law (CASL)
If you have customers or users who request specific methods of contact from your company, you will need to review these common requests as well as the related procedures.
| SCENARIO | ACTION REQUIRED |
|---|---|
| Some of our prospects prefer not receiving any emails or calls from our company. They may also specifically prohibit us from sending any material through post, emails, or discussions over calls. | Delete information in these fields for the person’s contact in addition to any custom field wherein such information may be stored:
Additionally, to keep track, you can select the following options in your contact view:
If you don’t see those options for contacts, you or your account admin can add them as a custom field to your contact page. |
| My company uses UPilot Email Sync and we decided to not receive read receipts when our customers open our email messages sent from UPilot | >Turning off read receipts stops tracking of emails sent from UPilot and prevents you from receiving read receipts. The email receipts can be managed at the individual user’s level.
Additionally, keep in mind that your company’s users have control whether to include read receipts in the individual email message as well. |
| A prospect of mine doesn’t want us to store her email address and phone number. | Delete any fields that store your prospect’s email address and phone number from contacts records. |
| A lead I’m pursuing is interested in our services, but she asked that we give her a couple months before we continue soliciting her. | Don’t send email, schedule meetings, or call those customers.
Select these options in the contact record.
If you don’t see those options for contacts, you or your account admin can add them as a custom field to your contact page. You can also set up a reminder to contact your prospect at the time they have specified. |
| My prospect or customer doesn’t want his social profile image or information to appear on UPilot records. | Ask your customer whether he’s OK with you tracking any of his social profile content.
If needed, you can also remove the social information as well as the social profile image from the contact record. |
*Definitions: Personal data and special data
Given the Regulation’s expansive definition of personal data, just about any type of monitoring of IT systems, network-attached devices, or mobile devices is going to implicate personal data. So-called “special” data presents another challenge: the Regulation defines it very broadly as well and includes genetic or biometric data and personal health information. Because biometric data is considered “special” data and is implicated in logical and facility access controls, professionals will likely find that their own information security systems contain special data. They may be surprised to learn that special data also includes:
- Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership; and
- Data concerning a person’s sex life or sexual orientation
Questions?
Please email us at privacy@upilot.com
Note: This page is not intended to provide legal advice. We recommend you consult your own legal counsel.