Proffid and GDPR – Global Data Protection Regulation
In response to the GDPR laws becoming effective May 25th 2018, Proffid has the following procedures in order to adhere to these new regulations:
Proffid uses the following systems to store potential personal information:
- a CRM system, available via https:// secure website, only published to employees to record all business dealings with its customers and identified future customers
- a Customer Portal, available via https:// secure website, that accesses the mentioned CRM system
- an online appointment scheduler available via https://www.proffid.com/appointments
- an Online store, available via https://shop.proffid.nl
- financial software for bookkeeping
With Regards to the CRM system:
Proffid collects the following information from individuals:
- Gender / First Name / Last Name
- Organization and position person works at
- Email addresses related to work
- Work address information
- Telephone numbers the person can be reached at for work related questions.
No Personal information is recorded to identify person’s personal interests or hobbies, no credit cards are stored.
Proffid records the following information related the individual:
- Support tickets / Sales Opportunities / Quotes / Invoices / Assets / Agreements
- Call notes on interactions related to the business relation Proffid has with the individual and/or its related Organization.
The information is in principle stored indefinitely, for reasons of tracking past interactions and agreements and for fiscal requirements, to support, track product updates and changes, forecast , respond to critical changes (e.g. a critical software patch that needs to be applied), and with this data be able to contact the individual or organization. Support requests and solutions provided may be added to our FAQ section, where information is reviewed to become ‘impersonal’ and made available for our Helpdesk and/or Customers through the Customer Portal. Any obsolete or outdated information is deleted on an annual basis ( ‘our internal CRM Spring Cleaning’) or each time the Organzation or Individual requests such action, to the extended local legal requirements are not infringed.
With Regards to the Customer Portal:
Contact Persons can access the Customer Portal and perform the following tasks:
-Access FAQ section
– Add / review / Update support tickets related to the contact Person or its organization.
-Update contact information
With Regards to the appointment scheduler:
when you schedule an online appointment we collect:
– your requested service and technician at the requested date and time slot.
– required information for our planning department and technician, needed to contact and provide the service to you
– provided information is then stored in our CRM system for further processing.
With Regards to our Online Store:
Our web shop allows for registering your information, or purchasing as a 1-time guest.
When shopping as a 1 time guest, recorded information will be stored for the time a transaction needs to be completed + 90 days.
When registering as a customer, all entered information can be tracked and changed, all transactions can be tracked. A registered customer can delete it’s information.
With regards to the financial software:
Our financial software records the addres and contact details of the organizations we have financial transactions with. We have integrated the financial system with our CRM system to synchronize address details, and accounting-email adress for communication.
With regards to employees:
Each Proffid Employee, or person/company hired by Proffid to perform tasks on behalf of Proffid is bound to secrecy by means of a non-disclosure clause in the contract. Employees have a ‘need to know access’ to the CRM system and any data stored in the areas to which the person has been granted access.
With regards to data storage:
Databases storing the above mentioned information are only accessible through applications with username and password, the https:// secured web sites. The DPO ( Data Protection Officer) can reach databases directly on non-disclosed systems behind a firewall.
Proffid regularly (and in case of a change in staffing) updates internal passwords that grants employees access to customer systems remotely and internal systems. Should there be a data breach, Proffid will report this to the authorities within 72 hours of discovery, and will update internal passwords and procedures to prevent further infringement.
Proffid will not commercialy sell collected data to 3rd parties. Proffid will only share your (business) information with vendors, to the extend of acquiring software licenses, (hardware) warranty. this will only be done upon your approval / signing of a sales contract or service agreement, and for the vendor of the ordered license or product.
Send any questions you may have on the GDPR to firstname.lastname@example.org