The EU General Data Protection Regulation (GDPR) is the most comprehensive change to EU data privacy law in decades. It took effect on the 25th May 2018. The salesblink.io team worked hard to prepare for GDPR and ensure we fulfill its obligations.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. For EU residents, the regulation aims to increase their control over their personal data. For businesses, the GDPR becomes a unifying regulation across the EU. On the 25th of May, the GDPR took effect and replaced the 1995 Data Protection Directive.
Does this affect me?
The GDPR applies to any EU resident's data, regardless of where the processor or controller is located. This means that if you’re using salesblink.io from the US to reach out to other US corporations, the regulation doesn’t affect you. But if some of your customers or leads are in the EU, you should pay attention to it.
In practice, most companies need to take the GDPR into consideration.
Data Processing Addendum
salesblink.io Web Services, Inc. is in most cases a processor. As a data controller, under Article 28 of the GDPR, you need a data processing addendum (DPA) signed with your processors. We've made this procedure simple and have the contract ready to be signed.
How salesblink.io is complying with the GDPR
Even though the GDPR only applies to data from EU residents, we decided to apply the requirements of the regulation broadly. This means that, except in some rare cases, we don’t restrict any privacy-related feature based on the geographical location of a data subject.
Here are some of the actions we’ve taken to ensure we’re compliant:
We’re taking the security of the data we manage very seriously. Over the last few months, our architecture has been vastly upgraded: our entire cluster is systematically behind a firewall, and double authentication is required for any connection.
We’ve also subscribed to Cloudflare to provide a Web Application Firewall (WAF) and a systematic block of potential threats.
Finally, we’re continuously improving our security thanks to our Security Bug Bounty Program. Since the start of the program, thousands of USD have been awarded to motivate security researchers to scan our application for vulnerabilities.
You can learn more about this topic on our page dedicated to this subject: Security Policy.
To improve, debug or prevent fraud on the service, we keep a variety of logs. We now make sure logs are destroyed at most 3 months after their collection date. We never use those logs for anything other than monitoring and debugging.
The GDPR gives any user the right to download any data that they provide to a service. This allows for easier migration to other services. We think this is a great idea, and salesblink.io has always made it possible for users to download their data.
Systematic pseudonymisation of non-public data
Our applications heavily pseudonymise data to ensure the privacy of data subjects. Any attribute that doesn’t need to remain in its original form is truncated to remove any possibility of it being linked back to a specific data subject.
For example, our MailTracker extension tracks reads of emails sent through Gmail. When saving reads, we save a truncated version of the IP address (the last part is systematically changed to 0). Thanks to such an approach, the service keeps the same level of usefulness for our users while maintaining the privacy of email recipients.
Right of erasure
Because we deal with publicly available web data, information removed from a website is also removed from our database. But if a data subject wishes to speed up the removal of any data in our index, we offer a simple and efficient way to claim email addresses. It is then possible to either update the data or entirely remove it.