The European Union General Data Protection Regulation (GDPR) is a regulation that aims at unifying EU member state data privacy regulations into a single regulation, enforced on the EU single market.
GDPR gives you more control over how your data is used, while to us, it will be a simple legal environment where we can operate.
The new regulation came into effect on the 25th May 2018 and we are glad to report that Jetlink has now fulfilled all the required regulations to become fully GDPR compliant.
This article describes the GDPR compliance status of Jetlink.
GDPR: How Does it Work
GDPR regulates the processing of personal data in the European Union(its collection, storage, transfer or use). Under the GDPR, the concept of “personal data” is broad and covers any person-related information that can be used to identify them.
The important thing is that GDPR applies to every organization that processes personal data of the EU citizens, even if it’s located outside of the EU. Now, every company is obliged to maximize its security in order to prevent data violation and protect you from data leakage.
What Has Jetlink Done about GDPR?
Maximum data security has always been the top priority in Jetlink.
We have always aimed to be fully compliant with international law and privacy regulations. For that reason, we have started working on GDPR regulations beforehand.
We have improved anonymity and pseudonymization of the data within our analytics tools, and we constantly making changes so you could have a better control over your data. We want to give you tools that will allow you to decide to what extent you disclose your data or to what extent you process data of your customers.
GDPR Roadmap
What we’ve done on our journey to become compliant
- Thorough analysis of areas inside the company that are affected by GDPR
- Preparation of a strategy for implementation of the technological GDPR regulations to each service we provide
- Preparation of a strategy for implementation of the legal GDPR regulation in our internal and external procedures
- Making changes to the Pre-chat survey feature, giving our customers option to include the data protection consents and clauses required before a chat
- Preparation of Data Processing Agreement
- Making necessary product and feature changes to help our customers become GDPR compliant. We’ll launch our product guide showing our customers how to adjust Jetlink for GDPR soon and that will help them better control their (and their customers’) data.
- Implementation of required changes to our internal processes and procedures
- Updates in company’s documentation according to GDPR requirements
- Appointing a Data Protection Officer
- In detailed testing all changes to verify the compliance with GDPR
- Communicating full compliance to customers
All Jetlink data is held on servers hosted in the 🇪🇺 European Union. Servers are hosted by Microsoft Azure.
What do Jetlink customers need to do?
If your company is based in the EU or your customers are EU citizens, there are few things that might be important for you.
1. Make sure that your Terms of Service and Privacy Policy properly communicate to your customers how you use Jetlink. If you collect personal data of your customers and process them via our app, you should inform your customers about their entitlements under GDPR. We recommend you ensure your policies and internal documentation are up to date and clear to your readers.
2. If you are located in the EU or your country’s law requires it from you, you can sign a Data Processing Agreement with us. In order to do that, write us an email at hello@jetlink.io and we will provide you with a DPA that you’ll be able to both review and sign.
Your company may like to ask some changes on our standard DPA, based on various factors of your businesses. At Jetlink, we provide you with such possibility in our Enterprise plan — click here to check out our current pricing, together with the full list of features available for Enterprise customers. You can write us an email at hello@jetlink.io to learn more about Enterprise plan.
3. In reference to the Data Processing Agreement, we have also updated both our Terms and Conditions and Privacy Policy. In order update your agreements, please contact with us at hello@jetlink.io
The summary of key GDPR changes:
Expanded individual rights
GDPR grants expanded rights for individuals in the European Union by allowing them, amongst other, the right to be forgotten and the right to request a copy of any personal data stored in their database.
Compliance obligations
GDPR requires organizations to implement appropriate security policies, keep records on data activities, and enter into written agreements with vendors to make sure that data is protected.
Data breach notifications
GDPR requires organizations to report certain data breaches to data protection authorities and, under certain circumstances, to the affected data subjects.
New requirements for profiling and monitoring
GDPR impose additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
Increased Enforcement
GDPR provides a central point of enforcement for organizations operating in EU or processing data of the EU individuals member states by requiring companies to work with a supervisory authority for cross-border data protection issues.
Data Protection Officer
Jetlink appointed a Data Protection Officer, as required by GDPR:
Kaan Tezgel
Role: Co-founder & CTO
Email: kaan@jetlink.io
Phone: +902165990216
Address: B.Amsterdam Building, Johan Huizingalaan 763A, 1066 VH Amsterdam, Netherlands.
Jetlink customers rights regarding to GDPR are considered and enforced, including:
- Right to be informed: we clearly inform our users about the use that will be made of their data
- Right of access: our users can access all their data, without restriction.
- Right of rectification: it’s as shooting us an contacting us, we’ll process all your rectification queries.
- Right of erasure: it’s as shooting us an email contacting us, we’ll process all your erasure queries.
- Right to restrict processing: we don’t process the data of our customers (and our customers end-users)
- Right to data portability: our users may contact us anytime if they wish to get an export of their data (this may take time, however, as the data is fragmented amongst multiple isolated data-stores)
- Right to object: we handle all requests on this matter from our users and users’ end-users (contact us)
- Right not to be subject to automated decision-making including profiling: we never do that.
If you have more questions, please reach us at hello@jetlink.io