General data protection regulation (GDPR)
Understanding GDPR
The GDPR (General Data Protection Regulation) is a new EU Regulation that will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations that collect or process personal data. The GDPR will come into effect on 25th May 2018 and will be applicable to all member states. You can read the full text of the GDPR here.
GDPR Compliance and Scope
While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it will also apply to non-EU businesses who a) market their products to people in the EU or who b) monitor the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.
We are ready to help our users with GDPR
As part of our unwavering commitment to data security and customer protection, NOVATEC SOLUCIONES Y PROYECTOS, S.L. is committed to GDPR compliance. We are evaluating new requirements and restrictions imposed by the GDPR and will take any action necessary to ensure that we handle customer data in compliance with applicable law by the 2018 deadline, while continuing to move fast and build great products.
We are Here to Support our Customers
The GDPR clearly defines the roles that different organizations have when managing or dealing with personal data. There are two major roles: Controllers and Processors. Controllers are organizations that deal with personal data. Our customers, both businesses and individuals, who use Boostools are classified as Controllers because they collect data and decide what it will be used for and how it will be used. Boostools plays the role of the Data Processor because it processes this data, provided by the customers, on their behalf.
As Controllers, our customers own their users’ personal data on Boostools. We’re committed to helping our customers meet their obligations under the GDPR. We have already implemented data security processes and controls to make sure that our customers can meet their GDPR obligations. These include:
Data Processing Addendum (DPA)
As Boostools is a Data Processor, our customers must have a Data Processing Addendum with us. We have a GDPR-compliant DPA that our customers can sign upon request. Amongst other things, our DPA includes a list of sub-processors for personal data, details of our breach notification procedures, SLAs and our governance measures. If you are a Boostools customer, please contact us at support@boostools.app or contact your Customer Success Manager for a copy of your DPA.
Best-in-Class Information Security
Information security is our highest priority. That is why we have technical and organizational measures in place which ensure that our customers’ personal data remains secure. We have implemented the following data security best practices for GDPR compliance:
- Data minimization
- Log pseudonymization
- Data transparency
We also continue to develop and invest in our security and compliance measures.
Boostools will comply with all legal obligations that apply to it as the processor of the data.
Privacy Policy
Our updated policy outlines our commitment to maintaining the privacy of our customers’ personal data. It also explains what we have done to make sure our customers’ personal data is secure and what choices are available to them.
The Data Rights of Users and Our Customers (Data Subjects)
Our customers and their end-users can request access to, correct, and modify their personal data stored on the Boostools platform. End-users can also contact us at support@heycom.io if they would like to access, correct, or remove their personal data. As a Processor, we will forward these requests to the relevant customers and help them respond, if needed.
New Product Features
As a market leader in the browser notification domain, we are always innovating and adding new product capabilities. Moving forward, the notification subscription experience for users from the EU will follow three cornerstone principles:
- In line with GDPR principles of “privacy by design” and “privacy by default”.
- Applicable by default for end users from the EU.
- The changes will be communicated in language that is as simple as possible.
We are always happy to answer any questions about the privacy and security of our customers’ data, the GDPR, or user engagement in general. Feel free to contact us at support@heycom.io.
Collaborating with Vendors
We are working with our vendors, reviewing their GDPR plans, to ensure that we have similar GDPR-ready data processing agreements in place with them.