May 25, 2018, marks a new landmark privacy law called the General Data Protection Regulation (GDPR) takes effect in the European Union (EU). The GDPR expands the privacy rights of EU individuals and places new obligations on all organizations that market, track, or handle EU personal data. It strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data.
What does it Protect?
The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
GDPR data in EU or outside?
No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU.
ConvergeHub is built with security to protect your data and applications. You can also implement your own security scheme to reflect the structure and needs of your organization. Protecting your data is a joint responsibility between you and ConvergeHub. ConvergeHub security features enable you to empower your users to do their jobs safely and efficiently. Various security schemes are as below:
ConvergeHub uses Amazon EC2, RDS ,S3 and many other Amazon AWS related services, providing end-to-end security and privacy features built in and is already declared GDPR Compliant by Amazon with the CISPE Code of Conduct. Our team takes additional proactive measures to ensure a secure infrastructure environment. For additional, more specific details regarding AWS security, please refer to https://aws.amazon.com/security/.
ConvergeHub uses SSL encryption to transport data from users to our secured databases. The encryption uses SHA256 algorithm for the encryption.
Each customer has their separate database schema in ConvergeHub. So, there is no intervention or probability of incorrect data exposure of databases of other users.
Table level security
Using table permissions, users can be restricted from seeing, creating, updating or deleting tables. Table permissions let you hide whole menus of tables from particular users so that they don’t even know if this table exists.
Field level security
In some cases, you may want users to have access to a table, but limit their access to individual fields in that table. Field-level security-or field permissions-control whether a user can see, edit, the value for a particular field on a table. They let you protect sensitive fields without having to hide the whole table from users.
Row level security
Along with tables and fields, if you want to control the record themselves, Record-level security lets you give users access to some table records, but not others. Every record is owned by a user. The owner has full access to the record. In a hierarchy, users higher in the hierarchy always have the same access to users below them in the hierarchy. There are two ways in which you can specify record-level security.
Each report is added to a folder. Users can be restricted to view/edit some reports using report sharing. They can be allowed or disallowed to view/edit reports.
You can select certain fields in any of the tables to track & monitor edits on those fields. Modifying any of these fields adds a non-deletable activity in activity of that table.
ConvergeHub strives to help you comply with the data protection and privacy regulations by implementation of various actions like email opt-outs etc. We ask for consent before signups etc. We store consent, the time of consent, context of consent for legal obligations. To make it easier for our customers to store consent of their users, ConvergeHub gives an option to create custom tables to store fields of consent of users. These consent records can be linked to records in desired tables.
Data processing restrictions
When situations require you to do so, prevent the processing of your customers’ data. We give guidance to help you restrict forms of data processing. That way, you can work toward complying with the laws that are important to your Converge. You can export data from ConvergeHub that you don’t want to be processed.
There are various options for data portability. You can use APIs, Import Wizard to import data from CSV files to ConvergeHub. You can allow your customers to export their data as per various data regulations. Data can be extracted from various methods such as UI-driven export, reports, REST API. Export formats include JSON and CSV.
The Service is hosted in the United States. Regardless of the database being hosted in the European Union, if you choose to use the Service from the EU or other regions of the world with laws governing data collection and use that may differ from US law, then please note that you may be transferring your Client Data and Personal Data outside of those regions to the United States for storage and processing by our service providers listed in the our Terms of Service. We will comply with GDPR requirements providing adequate protection for the transfer of personal information from Europe to the US. Also, we may transfer your data to the US, the EEA, or other countries or regions deemed by the European Commission to provide adequate protection of personal data in connection with storage and processing of data, fulfilling your requests, and operating the Service.
Data Controller and Data Processor
ConvergeHub does not own, control or direct the use of any of the Client Data stored or processed by a Client or User via the Service. Only the Client or Users are entitled to access, retrieve and direct the use of such Client Data. ConvergeHub is largely unaware of what Client Data is actually being stored or made available by a Client or User to the Service and does not directly access such Client Data except as authorized by the Client, or as necessary to provide Services to the Client and its Users.
The Client or the User is the data controller under the Regulation for any Client Data containing Personal Data, meaning that such party controls the manner such Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data.
ConvergeHub is not responsible for the content of the Personal Data contained in the Client Data or other information stored on its servers (or its subcontractors’ servers) at the discretion of the Client or User nor is ConvergeHub responsible for the manner in which the Client or User collects, handles disclosure, distributes or otherwise processes such information.
We only retain the Personal Data collected from a User for as long as the User’s account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:
We hope this makes your use of ConvergeHub and the transition to GDPR much easier. As always, please contact us if you have any questions: support@ConvergeHub.com.
List of Sub-Processors
We work with the best in the market to ensure complete compliance, data safety and peace of mind.
List of Processors
Right to object (opt-out)
You can easily add a contact to Opt Out list to stop any outbound emails and SMS to the mentioned contact. Your customer can even text you Stop to opt-out of any future text messages.
Right to be forgotten
With ConvergeHub, deleting a contact will permanently delete all data related to that individual. You can delete any contact from your ConvergeHub Contacts.
If your customer (data subject) wishes to exercise his/her Right To Be Forgotten under GDPR, you can done so by
And, for double confirmation & any help, you can write to our support team at support@ConvergeHub.com
Last updated on August 26, 2019