In our previous post related to Conversica and GDPR, we explained that in GDPR terms, Conversica is a “data processor” and our customers are typically “data controllers”. We outlined the steps we have been taking as a processor to make it easier for our customers, as controllers, to achieve compliance with their obligations under the General Data Protection Regulation (aka the “GDPR”).
In this post, we want to share updates on those activities.
Enabling Our Customers to Satisfy Requests from Data Subjects
As a data processor, we have created processes to help our customers who are data controllers to satisfy GDPR-related requests from data subjects regarding their personal data.
Specifically, here’s how we help our customers to meet their obligations regarding the rights of data subjects under the GDPR:
The Right to Access
The “Right to Access” one’s personal data means that a data subject can request a copy of their personal data as well as an explanation of the categories of data being processed, the purposes of the processing, and the categories of third parties to whom their data may be disclosed. To address requests related to this right, our customers may submit a request to Conversica’s Technical Support team at [email protected], and we will respond by providing information that we have available that could be helpful to our customers in such a circumstance.
The Right to Rectification
Under the “Right to Rectification,” individuals may request correction of their personal data processed by a controller. To address requests related to the Right to Rectification, Conversica provides certain integrations with customers’ systems, such as CRM and marketing automation, where our customers can manually update or correct the personal data of those individuals.
The Right to Erasure, also known as the “Right to Be Forgotten”
Under the “Right to Erasure,” data controllers must delete the personal data of an individual upon his or her request under certain circumstances, e.g., where data is no longer needed for its intended purpose, or where the processing is based on consent which has been withdrawn by the data subject. To address requests under the Right to Be Forgotten, our customers may submit a support request at [email protected], and we will erase all personal information pertaining to the individual within a reasonable period of time.
The Right to Restriction of Processing
Under certain conditions, data subjects are permitted to restrict the processing of their personal data. This is known as the “Right to Restrict Processing.” For example, even though a data subject might contest the accuracy of certain personal data or contend that the data is no longer necessary for its original purpose, retention of the data might be necessary for other purposes, such as to establish, exercise, or defend a legal claim. In these situations, a data subject may request that the processing of their personal data be restricted so that any further processing, with the exception of storage, cannot occur. If our customers are asked to respond to Right to Restriction of Processing requests, they can submit a support request at [email protected], and we will help ensure that the processing of the personal data in question is restricted within the Conversica application.
The Right to Data Portability
The “Right to Data Portability” allows data subjects to request a copy of their data in a commonly used and machine-readable format in order to transfer it to another service provider. To enable our customers to respond to Right to Data Portability requests, Conversica provides the means for our customers to export all personal data about an individual into a CSV file to be provided by the customer to that data subject.
Conversica Data Processing Addendum
To aid in our customers’ GDPR compliance, Conversica, as a processor, is making available to its customers the Conversica Data Processing Addendum (“DPA”) that sets out Conversica’s commitments to our customers. Customers can access the latest version of our DPA here.
Conversica List of Subprocessors
Conversica is providing a list of its subprocessors who process personal data in the provision of services to our customers. Customers can access the latest list of our subprocessors here.
Article 27 EU Representative and Data Privacy Officer
Article 27 Representative
In accordance with Article 27 of the GDPR, Conversica has appointed VeraSafe as our official representative in the European Union. Supervisory authorities and data subjects whose data are being processed by Conversica may contact Conversica through VeraSafe on issues related to GDPR compliance. The contact details for our Article 27 EU representatives are as follows:
Matthew Joseph, CIPP/US
Prague 150 00
VeraSafe Ireland LTD
Unit 3D North Point House
North Point Business Park
New Mallow Road
Email: [email protected]
We have also appointed a DPO. The contact details for our DPO are as follows:
Matthew Joseph, CIPP/US
Prague 150 00
Thank you for your interest in our activities supporting our customers’ compliance with the GDPR. Should you have questions or comments, please contact [email protected].