SupportSync and the General Data Protection Regulation (GDPR)

The GDPR enhances the privacy rights of users with more transparency and control over how their personal data is used.

Overview

The General Data Protection Regulation (GDPR) regulates data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The GDPR applies to SupportSync and any of its customers that process the personal data of EU residents.

Personal Data is defined as any information relating to an identified or identifiable natural person. Persons are identifiable when they can be identified by name, email, location, IP address and other identifiers. SupportSync does not disclose personal data except to provide its services to its customers and if necessary to comply with law enforcement.

Learn more about the GDPR

SupportSync: Controller and Processor

Article 4 of the GDPR defines unique roles for "data controllers" and "data processors", and the regulation applies to both. The data controller is defined as "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data". The data processor is defined as "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller".

SupportSync is both a data controller and data processor. For example, if XYZ Tablets uses SupportSync to create and track product returns for their end-users, XYZ is the data controller and SupportSync is the data processor. SupportSync is also a data controller, however, as we determine how the personal data of our customer, XYZ Tablets, is used, specifically for accounting, support and subscription purposes.

Our Responsibilities as a Controller and Processor

According to Article 5 of the GDPR, the controller is responsible for the "lawfulness, fairness, transparency and confidentiality of personal data", and the processor is responsible for ensuring that processing is carried out in "such a manner that meets the requirements of the regulation and ensures the protection of the rights of the data subject". To this end, SupportSync offers the following services to our customers:

Personal Data Use: The data we collect is used only for providing core services to our customers and their end-users such as product return (RMA) creation and tracking, case tracking and reporting, as well as to provide subscription management and customer service.

Data Protection by Design: We ensure that only personal data which is required is collected, and incorporate features and functionality that enhance privacy into our products.

Data Security: Personal data is hosted in ISO-certified data centers and encrypted at rest and over public networks.

Access Control: We provide an advanced set of access features to help customers protect their information. Customer information is not used for any purpose other than providing services and as otherwise required by law.

Data Breach Notifications: SupportSync will notify customers affected by a data breach within 72 hours if we become aware of such an event with our services.

Data Retention: Personal data will not be retained longer than necessary, in relation to the purpose for which such data is processed. Backups are kept for a limited time and access is tightly limited. Backups are kept for the organization’s (and its data subjects’) legitimate interest in recovering from accidents.

Right to be Forgotten (Deletion of Personal Data): The GDPR states that individuals have the right to request "the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay". SupportSync will respond to requests to delete data for customers or end-users in a timely fashion.

Submit a deletion request

Data Portability: This requirement aims to increase user choice of online services. Individuals have a right to obtain, in a machine-readable format, all of the data that has been collected by a data controller. SupportSync will respond to requests to provide all data for customers or end-users in a timely fashion.

Submit a data export request

Sub-Processors (Third-Parties): Organizations that perform data processing for other companies are accountable for the protection of personal data, according to the GDPR. Where processing is to be carried out on behalf of a controller, the controller shall use only processors implementing appropriate technical and organizational measures to meet the requirements of the GDPR and ensure the protection of personal data. SupportSync's sub-processors include:
- Rackspace (Hosting)
- Zendesk (CRM)
- Salesforce (CRM)
- Quickbooks (Accounting)
- iDrive (Backup)
- UPS, FedEx, Endicia (Shipping)

Data Protection Addendum

SupportSync processes personal data on our customers' behalf where such personal data is subject to EU data protection laws. Because of this, we offer a Data Protection Addendum (DPA) in PDF format as provided at the link below to address contractual requirements. The DPA will only be legally binding and effective if it is signed by both parties.

Download the DPA

Should SupportSync customers prepare for GDPR?

SupportSync encourages customers to prepare for the GDPR by reviewing their privacy and data security processes and policies to ensure compliance. Since our customers are data controllers, they bear the primary responsibility for ensuring that their processing of personal data is compliant with the GDPR.

About Privacy Shield

The Privacy Shield Framework was created by the U.S. Department of Commerce, the European Commission and the Swiss government. The Privacy Shield Framework provides companies with a mechanism to transfer personal data from the European Union to the United States in a manner that provides an adequate level of protection for the purpose of European data protection law. SupportSync is certified with Privacy Shield.

Check Status
