GDPR at goDeskless

GDPR at goDeskless

Effective compliance addresses data privacy and security requirements no matter where your business is located, or what industry you belong to. At goDeskless we optimize business value from our products and services by adhering to necessary standards and policies. Hence, our cloud ecosystem is capable of providing a robust and scalable structure for safe processing of your, and your customer's data. All our products are GDPR compliant and come with in-built features that help you meet your compliance needs. GDPR-ready features in all goDeskless products are made available to all our customers worldwide. This means GDPR recommended principles for privacy and security of personal data have been extended to customers even outside the EU.

GDPR compliance practices at goDeskless is supported by 3 principles:

Value

Deliver business value by optimizing service efficiency with secure and scalable systems for collecting, storing and processing data.

Collaboration

Increase customer and partner awareness on regulation requirements, ensuring consistent application of data protection measures.

Continuity

Drive business performance through continuous improvement, best practices and innovation.

Our comprehensive GDPR program is supported by key privacy principles -- Accountability, Privacy by Design and Default, Data Minimization, Subject Access Rights, among others. Technology and operations related to the business are subject to regular sensitization programs. Below are some aspects of the GDPR program at GoDeskless, and how our products support customers in meeting their compliance obligations.

WHAT IT MEANS

GODESKLESS

Data collection, storage & processing

Collect data, only for the purpose its needed for. That is, data collected for specific purposes/reasons cannot be further processed in a manner incompatible with those purposes/reasons.

GoDeskless products provides the convenience of enforcing your company’s defined limitations/policies through the product itself. Eg: Assistance with restriction of use of data by turning certain product features ON/OFF. For similar requests reach out to support@goDeskless.com. Upon verification of relevance and feasibility of your request, we will assist you with your requirements to meet your compliance obligations.

Data minimization

Ensure data captured is adequate, relevant and limited to the purpose it’s collected for. Based on this principle, organizations must be sure they only store the exact amount of data required for their specific purpose.

Our support products offer flexibility to build ticket/contact forms according to your needs. Choose what data to collect from customers and stay compliant. Eg: customize fields you want displayed in your contact/ticket form. These options are available in ticket and company forms as well.

Right to rectification

Data controllers must ensure information remains accurate, valid and fit for purpose. To comply with this, organizations must institute a process and policies in place to address this right.

If your customer reaches out requesting correction of their data, our products provide you the flexibility to meet this request via features within the product.

Right to portability

Data subjects have the right to receive their personal data in a structured, commonly used and machine-readable format. They have the right to transmit this data to another vendor/company of their choice without hindrance from the existing vendor/company.

Our products directly assist our customer’s need to meet ‘right to portability’ requests from their customers. Both ‘customer’ and ‘ticket’ data can be exported from the product by users who have appropriate access rights. For additional requests on obtaining existing data, reach out to support@goDeskless.com.

Limitation to storage

To ensure compliance, organizations must have control over storage and movement of data. This includes implementing and enforcing data retention policies and not allowing data to be stored in multiple places.

Our support products offer flexibility of controlling access/permissions, thus enabling unauthorised access and protection of sensitive data.

Right to be forgotten

Data subjects can request erasure of all personal data concerning them. And, the company/business has the obligation to erase all personal data of that individual without undue delay.

GoDeskless products help you respond to your customer’s request for permanent erasure of an individual’s data from within the product. For more information on product specific actions for ‘right to erasure’ please reach out to support@goDeskless.com.

Confidential and secure

Businesses must protect the integrity and privacy of data by making sure it's secure. An organization collecting and processing data is solely responsible for implementing appropriate security measures to protect the individuals data.

GoDeskless regularly evaluates enforcement of - security policies, utilization of dynamic access controls, identity verification of those accessing data, and implementation of protection mechanisms against data breach. goDeskless services are hosted in a public cloud service that has relevant certifications including ISO 27001, SOC II compliance.

Accountability and liability

Organizations must be able to demonstrate to governing bodies that they have taken necessary steps to protect an individual’s personal data. Be sure every step within the GDPR strategy can be pulled up as evidence.

Our products help maintain an audit trail to enable you to provide evidence of appropriate actions taken on an individual’s request.

Data collection, storage & processing

WHAT IT MEANS

Collect data, only for the purpose its needed for. That is, data collected for specific purposes/reasons cannot be further processed in a manner incompatible with those purposes/reasons.

GODESKLESS

GoDeskless products provides the convenience of enforcing your company’s defined limitations/policies through the product itself. Eg: Assistance with restriction of use of data by turning certain product features ON/OFF. For similar requests reach out to support@goDeskless.com. Upon verification of relevance and feasibility of your request, we will assist you with your requirements to meet your compliance obligations.

Data minimization

WHAT IT MEANS

Ensure data captured is adequate, relevant and limited to the purpose it’s collected for. Based on this principle, organizations must be sure they only store the exact amount of data required for their specific purpose.

GODESKLESS

Our support products offer flexibility to build ticket/contact forms according to your needs. Choose what data to collect from customers and stay compliant. Eg: customize fields you want displayed in your contact/ticket form. These options are available in ticket and company forms as well.

Right to rectification

WHAT IT MEANS

Data controllers must ensure information remains accurate, valid and fit for purpose. To comply with this, organizations must institute a process and policies in place to address this right.

GODESKLESS

If your customer reaches out requesting correction of their data, our products provide you the flexibility to meet this request via features within the product.

Right to portability

WHAT IT MEANS

Data subjects have the right to receive their personal data in a structured, commonly used and machine-readable format. They have the right to transmit this data to another vendor/company of their choice without hindrance from the existing vendor/company.

GODESKLESS

Our products directly assist our customer’s need to meet ‘right to portability’ requests from their customers. Both ‘customer’ and ‘ticket’ data can be exported from the product by users who have appropriate access rights. For additional requests on obtaining existing data, reach out to support@goDeskless.com.

Limitation to storage

WHAT IT MEANS

To ensure compliance, organizations must have control over storage and movement of data. This includes implementing and enforcing data retention policies and not allowing data to be stored in multiple places.

GODESKLESS

Our support products offer flexibility of controlling access/permissions, thus enabling unauthorised access and protection of sensitive data.

Right to be forgotten

WHAT IT MEANS

Data subjects can request erasure of all personal data concerning them. And, the company/business has the obligation to erase all personal data of that individual without undue delay.

GODESKLESS

GoDeskless products help you respond to your customer’s request for permanent erasure of an individual’s data from within the product. For more information on product specific actions for ‘right to erasure’ please reach out to support@goDeskless.com.

Confidential and secure

WHAT IT MEANS

Businesses must protect the integrity and privacy of data by making sure it's secure. An organization collecting and processing data is solely responsible for implementing appropriate security measures to protect the individuals data.

GODESKLESS

GoDeskless regularly evaluates enforcement of - security policies, utilization of dynamic access controls, identity verification of those accessing data, and implementation of protection mechanisms against data breach. goDeskless services are hosted in a public cloud service that has relevant certifications including ISO 27001, SOC II compliance.

Accountability and liability

WHAT IT MEANS

Organizations must be able to demonstrate to governing bodies that they have taken necessary steps to protect an individual’s personal data. Be sure every step within the GDPR strategy can be pulled up as evidence.

GODESKLESS

Our products help maintain an audit trail to enable you to provide evidence of appropriate actions taken on an individual’s request.

Some aspects of the GDPR program at GoDeskless

Individual Rights, Subject Access, and Communication GoDeskless GDPR program thoroughly evaluates how GoDeskless, both as a data controller and processor is placed with its existing procedures for readiness to,

  • Provide rights of individuals under GDPR
  • Assist customers in responding to data access requests from individuals

Lawful processing

GoDeskless GDPR program emphasizes on transparency of data processed by establishing processes that help easily respond to requests from customers wanting to know what data GoDeskless has about them. Information of what data is collected, stored and processed can be obtained from our Privacy Notice.

Accountability

Our leaders commit to support and provide guidelines for data protection compliance through a framework of standard policies and procedures. GoDeskless defines metrics for monitoring and governing health of the privacy notice which is independently run under the direct control of the Management Steering Committee.

Customer's Personal Data with GoDeskless

GoDeskless delivers on our customer’s privacy objective by maintaining processing records of customer’s data. Periodic and need based Privacy Impact Analysis (PIA) across data flow and process maps aids in keeping our program aligned with ever changing business and technology landscapes.

Privacy by Design and Default

Programs, projects, and processes at GoDeskless are aligned to privacy principles right from inception of an idea or project, thereby supporting Privacy by Design and Default principles. For more on privacy-ready features of our products, please reach out to support@goDeskless.com.

Opt out of analytics

As part of GoDeskless commitment to uphold privacy, GoDeskless products provide options to opt out of analytics. Customers can terminate sharing of data for the purpose of analytics. Reach out to your Account Executive for more on enabling the same for your support account.

Data Hosting

GoDeskless ensures data is hosted within centers qualified by global IT standards and regulations. Providing multiple locations to host data (upon purchase of appropriate plans) to suit needs of its customers, GoDeskless data centers are located in United States, Europe, India and Australia.

List of sub-processors

GoDeskless GDPR program ensures any 3rd party vendor/sub-processors is also accountable for protection of an individual’s personal data. These obligations are established by way of contracts that also include providing sufficient guarantee to implement appropriate technical and organisational measures as specified in the Regulation.

GoDeskless Commitment to GDPR

GDPR enforces cross-border data protection mechanisms for businesses with operations in multiple EU member states. Further, GDPR governs data protection issues for all global businesses processing personal data.

GoDeskless is committed to providing secure products and services by implementing and adhering to prescribed compliance policies, both as a data controller and processor. The enforcement of GDPR is critical to our mission of providing EU and all our global customers with safe and dependable business software suite. In support of this commitment, GoDeskless extends the same level of privacy and security to all its customers worldwide, irrespective of location.

For more information or questions about the GoDeskless Privacy Notice, please contact support@goDeskless.com.

OTP will expire after 30 mins.

Start Your Trial