Exeter Medical Acupuncture’s Commitment to GDPR

The General Data Protection Regulation (GDPR) is a European Union (EU) regulation, which establishes a new framework for handling and processing of personal data of EU residents. Any business processing personal data (collecting, recording, storing, using, etc) of EU residents are likely to be affected by the GDPR. The regulation comes into effect on May 25, 2018.

What are the benefits of GDPR?

GDPR gives customers and their users the option to:

• Easily identify personal data and enriched profile information.
• Update Personally Identifiable Information (PII) whenever needed.
• Opt out of storing user events.
• Request a permanent delete of all customer and end-user information.
• Opt out from sending data to third-party for analytics (stop sending properties to any third-party analytics tool).

How is Exeter Medical Acupuncture preparing for GDPR?

Exeter Medical Acupuncture welcomes the introduction of GDPR and is fully committed to achieving compliance with GDPR. We completely understand our obligation to our customers and we value our customers (and their customer’s) personal data rights. Here’s what we are doing:

• GDPR Analysis: We have thoroughly analyzed GDPR requirements and we have put in place a dedicated internal team to drive our organization to meet those requirements.
• Identifying Personal Data: We are currently in the process of identifying the different levels of personal data that is collected, stored, used and disposed. It’ll help us establish a roadmap for becoming compliant with the new regulation.
• Being Visible & Achieving Transparency: In the light of the powerful role data plays in the modern day, providing visibility and transparency on how collected personal data is used is of utmost importance. Identifying the different levels of personal data will help us explore the best way in which we can achieve transparency and provide visibility to our customers.
• Enhancing Data Security: We give data security great importance. We are reviewing our policies to further enhance data privacy and data security measures.
• Data Portability: We are exploring ways of streamlining data exporting capabilities so as to give a helping hand to our customers who are concerned about their personal data.
• Changes in the Product: We have identified a few requirements in areas of our product that will be impacted by GDPR. We have developed a strategy that’ll help implement those changes.  

Features Built for GDPR Readiness:

Right to be Forgotten

Exeter Medical Acupuncture lets you delete user data permanently. You can delete the user profile and all the data associated – like tickets raised by them, team huddle discussions, phone conversations, chats, satisfaction ratings provided, topics created and discussions in forums. To delete all user information, please email us stating specifically to request this at mail@Exetermedicalacupuncture.co.uk.

\Right to Rectification

The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. Users in Exeter Medical Acupuncture can rectify any errors in their personal data by editing their profiles.

Exeter Medical Acupuncture GDPR FAQ:

Are Exeter Medical Acupuncture services GDPR compliant?

Exeter Medical Acupuncture is committed to transparent and secure handling of all personal data on our network. Our processes have gone through an extensive procedural and legal review to ensure we fully meet the requirements set forth in the EU General Data Protection Regulation (GDPR) legislation.

What is Exeter Medical Acupuncture’s role with respect to GDPR?

Exeter Medical Acupuncture acts as both a data controller and a data processor. Exeter Medical Acupuncture acts as a data controller for customer information that we collect to process payments and provide customer support. When a customer uses our services to process personal data, Exeter Medical Acupuncture acts as a data processor.

Does Exeter Medical Acupuncture offer a Data Processing Addendum?

If GDPR applies to your organization and you need a DPA to satisfy GDPR requirements, Exeter Medical Acupuncture makes one available at the following URL: https://Exetermedicalacupuncture.co.uk/dpa

In order for it to be binding, please send the executed document back mail@Exetermedicalacupuncture.co.uk

How do you Delete User Data?

Exeter Medical Acupuncture lets you delete user data permanently. You can delete the user profile and all the data associated – like team huddle discussions, phone conversations, chats, satisfaction ratings provided, topics created and discussions in forums.

For this, please email us stating specifically to request this at mail@Exetermedicalacupuncture.co.uk. We’ll initiate the process of deleting your data.

These are the steps we are going to take:

1. The mail navigates to the specific customer’s profile and ‘delete’ the contact – this first step is a soft delete.
2. The mail then navigates to the deleted contact’s profile and uses that ‘Delete forever’ option to permanently delete the customer’s data – forums, calls & profile.
3. If the deleted contact has been an agent with the account, we permanently delete their PII (Personally Identifiable Information) such that the individual is not identified or identifiable thereafter. However, for business continuity, their contributions to the business viz. notes, knowledge base articles, forum topics/comments, support calls, surveys, automation rules, contacts, companies, tags, etc. will be retained. (This is being built and will be available soon.)

How do you Export User Data?

Exeter Medical Acupuncture lets you export user data. You can export the user profile and all the data associated – like team huddle discussions, phone conversations, chats, satisfaction ratings provided, topics created and discussions in forums.

If you want to export User Data, please email us stating specifically to request this at mail@Exetermedicalacupuncture.co.uk. We’ll initiate the process of exporting your data.

These are the steps we are going to take:

The mail navigates to the list of all customers where the export functionality is available, and then filter through to the required customer’s data. Additionally, the mail may use this API call to pull all profile information about them.

How is my data in Exeter Medical Acupuncture protected from misuse?

All data including personal data and call information are encrypted at transit and at rest in the product. As a data controller, it is important for you to assess what data you’re collecting in the call recordings and notes. This information must be minimized to the extent necessary for you to provide service or support. As a data processor, Exeter Medical Acupuncture performs operations or set of operations on this data only based on your action and in compliance with applicable regulations.

How do you address a customer’s request to ‘Opt-Out Analytics’?

As we are currently working on enabling this option. However, you can send us a request at mail@Exetermedicalacupuncture.co.uk.

How do you address the ‘Data Rectification’ requests?

The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. End-users and agents in Exeter Medical Acupuncture can rectify any errors in their personal data by editing their profiles.  

Do I need to move my data to an EU data center?

Exeter Medical Acupuncture stores all users data in the EU therefore, users do not have to move their data.

We at Exeter Medical Acupuncture are committed to providing a product which enables our customers to provide customer service responsibly by implementing and adhering to prescribed compliance policies, both as a data controller and processor. The upcoming GDPR enforcement is critical to our mission of providing EU and all our global customers with safe and dependable customer support software. For more information or questions about the Exeter Medical Acupuncture Privacy Policy, please view this page or contact us at mail@Exetermedicalacupuncture.co.uk

Support

I have questions, how do I get in touch?

Please feel free to reach out to mail@Exetermedicalacupuncture.co.uk for any questions about GDPR. We’d be happy to clarify any doubt.