Last updated: March 18th, 2018
The General Data Protection Regulation (GDPR) is a comprehensive set of regulations made by the European Union that dictates what companies like Mago:Tech must do in order to properly protect our customers' data. Even though we are not a European company, we have many customers in the EU and we fully comply with these regulations. This document explains in simple terms what we're doing in order to ensure compliance.
Note: The full GDPR regulations are extremely long and complicated. This isn't meant to be a comprehensive list of every single thing we do to protect your data, but rather it's a simple summary so that you can have a good idea of the protections we have in place. Please feel free to reach out to us if you have questions about specific items that aren't addressed here.
GDPR is a sweeping regulation that covers many different topics. We will address each of the key points below. This information is targeted at our customers, but we extend these protections to anyone who visits our website, uses our software, or otherwise interacts with us in any way.
GDPR defines three parties:
The data controller and processor each have different responsibilities to ensure that we are acting legally and ethically. This document explains what we do to comply with GDPR as a processor, but you should keep in mind that you also have responsibilities to the people whose information you put in the CRM.
As a CRM company, our customers entrust us with very important data for their businesses. Keeping your data secure and private is of the utmost importance, and so we are careful to follow industry best practices. A lot goes into online security, but here are some of the main things we do that might interest you:
In addition to making sure that our software is as secure as possible, we also have strict internal policies to ensure that no one at Mago does anything to jeopardize your data privacy. These include:
We work hard to keep our software secure so that there are no data breaches, but in the event that there is a data breach, we have a plan in place that fully complies with the requirements laid out by GDPR. The basic idea is that if we become aware of a data breach, we will notify any of our customers who may have been impacted, and provide them with the appropriate information so that they can also comply with their responsibilities as a data controller.
GDPR requires that we establish that our data processing is legally justified. The regulation gives a variety of reasons processing might be valid, and the following is the one that applies to us:
Our interpretation of this is that you, as the controller, have legitimate business interests in using a CRM and we're assisting you in pursuing those interests. Keep in mind that this only applies so long as the controller (you) respects the individual rights of the data subjects.
As explained above, we are in the role of data processor and you are the data controller. If you enter your customers' information into our software, you can be confident that we are handling GDPR compliance for the data processing side, but you are still responsible for being compliant as a data controller. This would be true regardless of which CRM you use, so there's no avoiding it. If you're concerned that you aren't in compliance, we encourage you to research this topic in more detail, but a good starting point is to ensure that you honor the individual rights that GDPR grants to your customers.
As part of our commitment to remaining GDPR compliant and respecting the privacy of our users, we will revisit this document at least once per year to ensure that all of the information is accurate and up-to-date.