Sugester ready for GDPR

How we help you comply with GDPR





 

This page was created in response to many questions about GDPR: how is our system being adjusted for the incoming changes and new data protection regulations? Below we show how you can fulfill the basic requirements that business owners will have to face. Alongside the system’s most important features, we also present some of the newest ones, which were built to improve the safety of your data.

How Sugester can help you comply with GDPR

Companies often keep their clients’ data in many places: emails are with one provider, email campaigns are sent by another, company files are kept in different apps, and CRM data is on yet another server. This makes it quite difficult to manage the company and its information flow, which is key to success when you’re running your own business. With GDPR, it’s also worth thinking about one common place for keeping your company’s data, so that you can show the purpose of and consent for its processing. Sugester can help with that. Thanks to selected modules and advanced features, Sugester allows you not only to collect and control the most important information, but also makes it easier to fulfill the requirements of GDPR. For example, if a client asks how you process their data, you will be able to show them all the details. If they want to use the right to be forgotten and ask you to delete all of their data, you will be able to do it quickly and safely. Also, by keeping customers’ data in our system (secured with an encrypted connection and forced login), you minimise the risk of losing it.

The General Data Protection Regulation

GDPR is a regulation on data protection that becomes enforceable on 25 May 2018. It regulates how data is processed, that is, all kinds of operations on personal data, e.g. collecting, saving, keeping, and looking through it, but also erasing it. We are preparing for the changes GDPR brings: we’re updating our terms of use and privacy policy so that everyone can use Sugester as a processor.

Sugester as a personal data processor

With GDPR coming up soon, it’s very important to understand the meaning of the words ‘Processor’ and ‘Administrator’. Who is who? You’re the administrator of the data you entrust to us. You’re in charge of the purpose and means of personal data processing in the system. By using Sugester, you’re obliged to use our service in a way that does not violate third-party rights (personal rights and copyright), common law, or good manners.


Sugester is the data processor. This means that Sugester processes personal data in the administrator’s name, that is, in your name. We’re not the ‘Owner’ of the data you put in our system, and we cannot use it for our own purposes. We only perform operations on entrusted data at the administrator’s command, that is, at your command, and we make sure the data stays safe.


It’s also important to know that a processor may use the services of a third party and sub-entrust the processed data to that third party in order to deliver the service. However, this is only possible with the administrator’s agreement. Sugester, as processor, stores data on Amazon AWS servers based in the European Union.


Safety and processing of personal data in Sugester in accordance with GDPR

Data entered into the system are processed by Sugester only at the Administrator’s request (your request) and are kept for as long as it takes to deliver the service. In line with GDPR, Sugester allows you to erase, correct and export personal data. You can get your data back immediately by exporting it to xls or csv files. When you decide to stop using Sugester, you can demand that your data be erased permanently.


All data kept in Sugester are backed up every day. Backups are stored on Amazon AWS servers based in the European Economic Area. In case of accidental data removal, we can restore your data from a backup (from a specific day and hour) at your request.


See how Sugester’s features help you meet GDPR requirements and improve your data safety:

  • Data protection based on privileges: Sugester allows you to create roles and privileges, which can limit some users’ access to data (depending on their roles in the company)
  • Collecting consent for data processing: if you want to easily collect your clients’ consent and keep it in the system, you can use Sugester Forms
  • Unsubscribe lists: under GDPR everyone has the right to object to the processing of their personal data. Sugester automatically adds a link to each email campaign that lets the recipient unsubscribe and stop receiving unwanted emails
  • Data encryption: all data sent between your computer and Sugester’s servers are secured with SSL encryption
  • Customers’ activity monitoring: the system activities displayed in Sugester let you monitor changes related to your clients
  • Automatic logout after long inaction: if you leave your workplace for a longer time, Sugester will secure your data and require you to log in again
  • 2-step verification: to make login safer, we implemented 2-step verification, which sends a PIN to a verified email address
  • Access to the account from specified IP addresses: to secure your Sugester account even more, you can select the IP addresses from which access to the account will be possible. This may be the IP address used in your company.

FAQ:


Who’s got access to my data?


Data on the server are confidential and used only for providing the service. Sugester’s helpdesk workers have access to your account if you grant it to them (for a limited period of time), and only selected IT personnel can see data on the server. All workers are also authorized to process personal data and obliged to keep it confidential under a non-disclosure agreement signed with Sugester.

How can I sign a data processing agreement with Sugester?

We currently sign the data processing agreement in paper form, because it’s not possible to conclude the agreement electronically. GDPR allows the agreement to be concluded electronically, and the terms of use will be adjusted to the changes in law. We want to provide an easier way to conclude the agreement, which will be part of the updated Terms of use. We will ask all users to accept the new Terms of use, and you can always ask us to conclude the agreement in the traditional way, in paper form.

How can I increase the safety of data kept in Sugester?

  • use a strong password. Here are some rules for creating a strong password:
    • don’t use IDs as a password (even if you change the case or order of the letters)
    • don’t use your name, last name or a proper name
    • don’t use information connected to a specific person (ID, phone number)
    • don’t use letters only or numbers only
    • use symbols and numbers (@#$%&567576)
    • you should be able to type the password quickly, and it should use letters placed unevenly on the keyboard
    • remember to change the password from time to time
  • before entering your personal data, make sure that the URL starts with ‘https’ - it means that the connection is encrypted
  • log in to Sugester only from trusted computers and mobile devices
  • when you stop using Sugester, always remember to log out