The European Union General Data Protection Regulation (GDPR) is a regulation that aims at unifying EU member state data privacy regulations into a single regulation, enforced on the EU single market. This article describes the GDPR compliance status of Smart Noise.
If your company needs to ensure it is GDPR-compliant, it also needs to ensure its providers (ie. Smart Noise) are also GDPR compliant. Smart Noise is GDPR-compliant, and strictly enforces the regulation as to protect the user data we store.
The GDPR regulation can be reduced to 11 important points. For each point, we explain how Smart Noise handles its compliance. If we did not answer your questions in this article, you can still drop us a chat or email.
Also, please note that all Smart Noise data processor providers have been checked to be all GDPR-compliant (Stripe).
All employees responsible for software development & infrastructure maintenance of Smart Noise are fully aware of the GDPR requirements.
Also, code reviews are performed by the Data Protection Officers (as listed in this article), before any code deployment to the platform. This ensures security breaches and bad practices are not implemented by eg. a third party temporary contractor or a Smart Noise employee, even if aware of GDPR requirements (this plays as a double human safety check).
Smart Noise stores data on 2 kinds of parties:
2.1. Information held on our users
Smart Noise collects account information for each user (we refer to them as customers in this article), including:
2.2. Information held on our users’ end-users
Information held on our users’ end-users include:
Smart Noise resolves end-user identity information (first and last name, avatar, company) from external APIs. Those external APIs sources from public information that the end-user consented to share on a third-party service (eg. on social networks such as LinkedIn or Twitter). This end-user identity information is stored on Smart Noise services, for as long as the Smart Noise customer wishes them to be stored in their Smart Noise CRM database.
The information help on our users’ end-users is solely the responsibility of our users (ie. the individual websites using Smart Noise). It is the responsibility of our users to manage the data they hold in their personal Smart Noise Inbox and CRM, ie. to remove sensitive data if someone may happen to share it with them (eg. Social Security Numbers, etc.). It is our responsibility to secure access to this data (ie. only website operators can access it and have a right to rectification and deletion).
Smart Noise customers end-users privacy terms are the sole responsibility of Smart Noise customers. They should be announced on Smart Noise customers website.
Smart Noise replies to all access requests (positively or negatively) under 1 week (the legal limit from GDPR is 1 month).
We offer this free of charge for our customers (paid and free).
Smart Noise stores user data involving a consent (ie. a conversation both parties entered by will, and exchanged eg. emails).
It is the Smart Noise customers responsibility to ensure user data is lawfully collected in the event they use our CRM features. For instance, if the emails that get collected from the Smart Noise boards get re-used for marketing campaign purposes either on Smart Noise or an external system, the Smart Noise customer has to ask for user consent upon collecting this email.
Consent is provided by our users explicitly when proceeding an action or task (eg. when they provide user data).
Smart Noise does not offer online services to children, due to the nature of the service provided (business-to-business). Thus, we did not identify it as relevant to control the age of users signing up for services.
Children might still be able to use the Smart Noise services, from the website or apps of a customer. To this extent, the Smart Noise customer is responsible for checking against their own users and activities regarding children regulations.
Our team closely monitors any unauthorized system access, and has put in place multiple preventive measures to reduce the attack surface on our systems and services.
Here are a few measures we took to reduce any attack surface:
The points listed above help reduce the probability of a major data breach occurring.
Whenever Smart Noise develops a new system, security comes as a first when designing the architecture of such a system. Our first goal is to protect the integrity of the new production system, and the second goal to protect the user data that’s being stored and used by that system.
If you have any questions about these Terms, please contact us at firstname.lastname@example.org
These Terms were published on 01.12.2021.