General Data Protection Regulation (GDPR)
Stratodesk has been at the forefront of data security since our founding. In accordance with our commitment to safeguarding your personal information, Stratodesk only stores the minimum information that is necessary to inform our contacts and customers about important security updates, new software versions and features, interesting company news, as well as to allow them to access our customer portal. As the GDPR comes into full effect, we are making a few small but necessary changes in order to ensure compliance beginning May 25th 2018.
What is GDPR?
The GDPR aims to bring consistency to laws that govern how companies process data belonging to individuals in the EU. It builds on existing guidelines while solidifying a new outlook that broadens the scope of the individual’s rights. The regulation applies to how European and Global entities gain, manage, and eventually destroy personal data collected on individuals within the EU.
How does the GDPR affect Stratodesk Customers?
Functionally, we expect there to be no changes in regards to how our customers use our products. We will be updating our terms of use and privacy policy and making a few minimal changes to our pages in order to ensure compliance. As always, users are able to opt-in-or-out of our emails and change the frequency with which they are contacted. Once the necessary updates are made, we will be notifying users via our email newsletter.
What does Stratodesk do with your personal data?
Stratodesk only stores what is necessary for users to interact with our site and stay up-to-date with our services. Our data process is designed from start to finish to be compliant with GDPR laws.
Privacy by Default and Design
From the beginning, Stratodesk has incorporated privacy into our systems and processes. By only storing our users’ names and email address as well as company names and business addresses, we ensure that we have only the bare necessities required to write or send invoices, contracts, quotes and conduct normal business procedures. We don’t store unnecessary information, and never store demographic information or credit card information or other personal data. We keep our users’ rights and privacy in mind from the conceptualizing of a product or procedure to its completion.
Password Security
We use strong password hashing technologies to secure user login into our customer portal (wwww.stratodesk.com/portal). We verify a password’s validity by performing a hash and checking the result against the hash the website created of your password when you chose it. This means we never have to store your password itself.
Cookies
We may process your user information by placing or reading cookies and similar technologies on our website and customer portal. We use cookies only for the information that is necessary for you to interact with our website.
What cookies do we use?
- Essential Cookies or Strictly Necessary Cookies: these cookies are essential for you to interact with the website and access its features. Without these cookies, certain features could not function. No information about your browsing habits is gathered by these cookies.
- Functional Cookies: these cookies remember how you prefer to use our website and services, recognize you on your return and enable us to improve your user experience . Functional Cookies are persistent cookies that the website or customer portal remembers when your computer or device comes back to our website.
- Analytics Cookies: Analytics Cookies allow us to improve our services by collecting information about your use of the website. For example, Analytics Cookies enable us to see what are the most frequently visited pages on www.stratodesk.com and help us record any difficulties you have using our website. We can’t identify you personally through the use of these cookies.
Customer Communication
We process customer data for direct marketing purposes and customer communication under legitimate interest. Legitimate interest is found in Article 6 and states that “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.” The GDPR acknowledges that direct marketing will often be a ‘legitimate interest’ of a business and therefore consent to direct marketing is not always required under the GDPR. Recital 47 of the GDPR states that: “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”
Email Marketing
The GDPR allows for a soft-opt in approach that enables companies to obtain consent to send marketing communications to individuals when that individual has expressed explicit interest in a product or service. This means that data which is obtained through the course or negotiations of a sale, software downloads and through consent given at trade shows is able to be processed with the end goal being email marketing regarding the product, software and company. We have never bought any address lists or harvested any data.
We only market our own products and services and will only send important information about the product (e.g. security issues, new version or features) you initially showed interest in or similar products and services from our company.
We provide the opportunity to refuse or opt-out of further marketing when collecting data and in every email we send.
Newsletter Sign Up
We provide the opportunity to subscribe to our newsletter on our website. Your consent can be withdrawn at any time without affecting the lawfulness of the prior processing. If consent is withdrawn, we will stop the corresponding data processing.
You may unsubscribe from the newsletter at any time via the link to unsubscribe which you will find in every newsletter email.
Contracts and Invoices
We process information necessary for doing business with our customers including company name and billing address.
Data Transfer
Our third party processors are bound to us by a specific contractual relationship that expressly dictates what they can or cannot do with the data we supply them. Art. 28 GDPR allows for transfers to service providers in this situation, and we only transfer data to service providers who are GDPR compliant. The most important service providers that we engage with are Mailchimp, Google, and Hubspot.
Online Applications
Data disclosed as part of an online application is used only for the purpose of selecting applicants and not for any other purpose.
Stratodesk’s Data Lifecycle
How does Stratodesk obtain and use your data? We’ve put the stages into a few, concise steps to provide transparency so that you know exactly what we are doing with your data at each step of the way.