What is GDPR?

The new EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 (including in the UK, regardless of its decision to leave the EU) and will impact every organisation which holds or processes personal data. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially higher penalties than the current Data Protection Act (DPA), which it will supersede.

...

Claritum's GDPR Approach

Claritum is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards and will comply with applicable GDPR regulations when they take effect in 2018, as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.

The company has two main areas of focus in preparing for GDPR overseen by an internal cross-functional team:

...

It is important to recognise that compliance is a shared responsibility and all organisations will need to adapt business processes and data management practices.

Compliance

Claritum already has robust information security policies and procedures, but policies such as Incident Response Plans and Backup Data Retention are reviewed and updated on a regular basis.
Compliance will also be supported by a review of existing contracts with Claritum ensures compliance by the data controllers, the use of sub-contractors and any data export arrangements by having relevant arrangements in place.

Contract

...

A new addendum to your current contract is being prepared and Customer Services will be contacting you to get this approved and in place.

...

The contract between Claritum and our clients covers the rights and responsibilities on both sides, as you, the ‘data controller’ and Claritum, the ‘data processor’ under the terms of the GDPR.

...

As with all compliance programmes, clear documentation of and consistent adherence to the policies is key and so Claritum is working towards ISO 9001 compliance. More information about this will be available over the coming months.

Data Protection Officer

Even though (technically) Claritum are not required to do so under the terms of the GDPR, Claritum have appointed a Data Protection Officer (‘DPO’) whose task is to inform, advise and monitor compliance. The company will implement tools as appropriate that support the process, providing necessary security and ongoing delivery of objectives.

...

These efficiency improvements will be announced along with other release notices in the usual way.

Personal Data

...

Mapping - Data Subjects and Elements

...

As a Data Processor we manage the following personal data in Claritum on behalf of our Customers:


Category | Data Subject | Personal Data Element
Service Manager

Supplier User

·       Name and Surname

·       Email Address

·       Phone Details

·       External ID

·       Place of Work

Customer User

·       Name and Surname

·       Email Address

·       Phone Details

·       Fax

·       Cost Centre

·       Physical Address

Supplier User

·       External ID

·       Gender

·       Place of Work

·       Image

·       Banking Details

Service Manager

·       Name and Surname

·       Email Address

·       Phone Details

·       Place of Work

·       External ID

·       Banking Details


Additionally, we have prepared a ‘map’ of all the places where potentially ‘personally-identifiable’ information may come into the Claritum system. This map also details which types of users may access the data and to what extent (viewing/reading, updating, both).
This data ‘map’ can be found here

Where is Claritum Data stored?

The Claritum system runs on Rackspace Public Cloud.
 
UK and European customers are hosted in their London (UK) region.
The data centers meet the following standards:
ISO 27002
Rackspace have also released their GDPR statement and a shared FAQ list, which can be viewed on their website: https://www.rackspace.com/en-gb/gdpr

...

Systems and Personal Data we

...

share to support our Customers

As a Data Controller we securely store your information in other applications allowing us to support you and your organisation on a daily basis.

Data ProcessorData SubjectCategory
Element
Personal Data ElementsPurpose
Legal basis for each processing purpose (non-special categories of personal data)

Atlassian

Support Portal

  • Name and Surname
  • Email address

manages support tickets

https://www.atlassian.com/trust/security

Aha!

Ideas Portal

  • Name and Surname
  • Email Address

manages improvements requests, new features and functionality requests

https://www.aha.io/legal/security

SalesForce

CRM and Marketing

  • Name and Surname
  • Email Address
  • Company Address Information
  • Phone Number
  • Title
marketing and customer relationship management tool

https://www.

salesforce

atlassian.com/

uk/company/privacy/full_privacy/Act-OnEmailing

gdpr

Claritum Customers (Key Contacts, Super Users)

Support Portal
  • Name and Surname
  • Email Address
  • Company Name
  • Title
  • align inbound and outbound marketing campaigns across the customer lifecycle. We use it for communicating important changes at Claritum, system upgrades, new product releases, scheduled software releases 

    To support Claritum customers with issues, questions about the Claritum system.

    The tool is used for managing tickets / communication between Claritum and their Customers (key contacts, also known as Super Users)

    Aha!

    https://www.

    act-on

    aha.

    com

    io/

    privacy-policy

    legal/

     

    security

    Atlassian Jira (Support Portal)

    ...

    Claritum Customers (Key Contacts, Super Users)

    Ideas Portal
    • Name and Surname
    • Email

    ...

    You can check how Atlassian Jira securely stores and uses the information: https://www.atlassian.com/trust/security

    Aha! (Ideas Portal)

    Aha! is a product that Claritum use for managing our customers' ideas for Claritum improvements, new features and functionality. Only Super Users' data is stored in Aha!, which includes data such as:

    • Name and Surname
    • Email Address

    ...

    • Address

    Manages improvement requests, new features and functionality requests

    The tool is used for managing improvements, ideas for new features and functionality requests submitted by Claritum's customers (key contacts, also known as Super Users)

    HubSpot

    https://www.

    ...

    ...

    ...

    SalesForce 

    ...

    data-privacy/gdpr

    Marketing Contacts Sales Contacts

    Claritum Customers (Key Contacts, Super Users)

    CRM and Marketing

    Emailing

    • Name and Surname
    • Email Address
    • Company Address Information
    • Phone Number
    • Title

    You can check how SalesForce securely stores and uses the information: https://www.salesforce.com/uk/company/privacy/full_privacy/

    Act-on

    ...

    Marketing and customer relationship management tool.

    Aligns inbound and outbound marketing campaigns across the customer lifecycle

    ...

    • Name and Surname
    • Email Address
    • Company Name
    • Title

    ...

    Data is stored for commercial communications and to enable users to use the Claritum system and for Claritum to be able to contact Administrators of the system