MalCare’s Commitment to GDPR
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation, which establishes a new framework for handling and processing of personal data of EU residents. Any business processing personal data (collecting, recording, storing, using, etc) of EU residents are likely to be affected by the GDPR. The regulation comes into effect on May 25, 2018.
What are the benefits of GDPR?
GDPR gives customers and their users the option to:
- Easily identify personal data and enriched profile information.
- Update Personally Identifiable Information (PII) whenever needed.
- Opt out of storing user events.
- Request a permanent delete of all customer and end-user information.
- Opt out from sending data to third-party for analytics (stop sending properties to any third-party analytics tool).
How is MalCare preparing for GDPR?
MalCare welcomes the introduction of GDPR and is fully committed to achieving compliance with GDPR. We completely understand our obligation to our customers and we value our customers (and their customer’s) personal data rights. Here’s what we are doing:
- GDPR Analysis: We have thoroughly analyzed GDPR requirements and we have put in place a dedicated internal team to drive our organization to meet those requirements.
- Identifying Personal Data: We are currently in the process of identifying the different levels of personal data that is collected, stored, used and disposed. It’ll help us establish a roadmap for becoming compliant with the new regulation.
- Being Visible & Achieving Transparency: In the light of the powerful role data plays in the modern day, providing visibility and transparency on how collected personal data is used is of utmost importance. Identifying the different levels of personal data will help us explore the best way in which we can achieve transparency and provide visibility to our customers.
- Enhancing Data Security: We give data security great importance. We are reviewing our policies to further enhance data privacy and data security measures.
- Data Portability: We are exploring ways of streamlining data exporting capabilities so as to give a helping hand to our customers who are concerned about their personal data.
- Changes in the Product: We have identified a few requirements in areas of our product that will be impacted by GDPR. We have developed a strategy that’ll help implement those changes.
Features Built for GDPR Readiness:
Right to be Forgotten
MalCare lets you delete user data permanently. You can delete the user profile and all the data associated – like tickets raised by them, team huddle discussions, phone conversations, chats, satisfaction ratings provided, topics created and discussions in forums. To delete all user information, all you need to do is fill in this form.
Right to Rectification
The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. Users in MalCare can rectify any errors in their personal data by editing their profiles. Please take the help of our help documentation.
MalCare GDPR FAQ:
Are MalCare services GDPR compliant?
MalCare is committed to transparent and secure handling of all personal data on our network. Our processes have gone through an extensive procedural and legal review to ensure we fully meet the requirements set forth in the EU General Data Protection Regulation (GDPR) legislation.
What is MalCare’s role with respect to GDPR?
MalCare acts as both a data controller and a data processor. MalCare acts as a data controller for customer information that we collect to process payments and provide customer support. When a customer uses our services to process personal data, MalCare acts as a data processor.
Does MalCare offer a Data Processing Addendum?
If GDPR applies to your organization and you need a DPA to satisfy GDPR requirements, MalCare makes one available at the following URL: https://malcare.com/blogvault-dpa/
In order for it to be binding, please send the executed document back to firstname.lastname@example.org.
How do you Delete User Data?
MalCare lets you delete user data permanently. You can delete the user profile and all the data associated – like team huddle discussions, phone conversations, chats, satisfaction ratings provided, topics created and discussions in forums.
For this, you’ll need to fill in this form. We’ll initiate the process of deleting your data.
These are the steps we are going to take:
- The admin navigates to the specific customer’s profile and ‘delete’ the contact – this first step is a soft delete.
- The admin then navigates to the deleted contact’s profile and uses that ‘Delete forever’ option to permanently delete the customer’s data – forums, calls & profile.
- If the deleted contact has been an agent with the account, we permanently delete their PII (Personally Identifiable Information) such that the individual is not identified or identifiable thereafter. However, for business continuity, their contributions to the business viz. notes, knowledge base articles, forum topics/comments, support calls, surveys, automation rules, contacts, companies, tags, etc. will be retained. (This is being built and will be available soon.)
How do you Export User Data?
MalCare lets you export user data. You can export the user profile and all the data associated – like team huddle discussions, phone conversations, chats, satisfaction ratings provided, topics created and discussions in forums.
If you want to export User Data, you will need to fill in this form. We’ll initiate the process of exporting your data.
These are the steps we are going to take:
The admin navigates to the list of all customers where the export functionality is available, and then filter through to the required customer’s data. Additionally, the admin may use this API call to pull all profile information about them.
How is my data in MalCare protected from misuse?
All data including personal data and call information are encrypted at transit and at rest in the product. As a data controller, it is important for you to assess what data you’re collecting in the call recordings and notes. This information must be minimized to the extent necessary for you to provide service or support. As a data processor, MalCare performs operations or set of operations on this data only based on your action and in compliance with applicable regulations.
How do you address a customer’s request to ‘Opt-Out Analytics’?
As we are currently working on enabling this option. However, you can send us a request at email@example.com.
How do you address the ‘Data Rectification’ requests?
The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. End-users and agents in MalCare can rectify any errors in their personal data by editing their profiles. Kindly take the help of our help documentation.
Do I need to move my data to an EU data center?
MalCare stores all users data in the EU therefore, users do not have to move their data.
I have questions, how do I get in touch?
Please feel free to reach out to MalCare Support for any questions about GDPR. We’d be happy to clarify any doubt.