Our GDPR Readiness

What Is the GDPR and Why Does It Concern You?

The European Union (EU) is introducing a landmark regulation called the General Data Protection Regulation (GDPR for short) on the 25th of May.

The goal of GDPR is to give EU residents drastic improvements to their privacy rights and control over their personal data, and to protect them from privacy breaches and leaks.

Every organisation that handles, markets or tracks the personal data of EU residents is concerned, even if they are not based in Europe. In the case of software companies which typically sell their products globally, this means that this new regulation will apply to everyone, no matter where they are based.

Ensuring that we are compliant, and in turn that the personal data of our customers is treated correctly whilst we continue to provide a great customer experience, has been an important focus for us.

Here are the main concepts of the GDPR:

Personal data requires lawful processing. This means you shouldn’t buy email lists where you don’t know how consent was acquired, and we can’t enable newsletters to customers if we don’t know whether they have consented to them.

Customers should specify exactly what communications they want to receive from you. This means the language explaining how you will contact them needs to be very clear and respect certain rules.

Customers will have a right to transparency around the collection and processing of their data. This means they will be able to ask us for the data we store on them, and receive it in a simple format.

Customers can request the right to be forgotten. This means if they ask us, we will remove all their personal data.

Implementing all of this could be complex. We’re rolling out changes to ensure that it is simple and straightforward for you.

Legal Documentation

Our legal team is busy writing updated terms and conditions for vendors and helping us to update our customer-facing privacy policy. These will be published before the cutoff date, and vendors will be prompted to confirm they agree to the new terms.

Tubular as the Data Processor

When we provide software and services to a company or enterprise, we’re acting as a data processor for the personal data you ask us to process and store as part of providing the Tubular services to you. As a data processor, we only process personal data in accordance with your company’s permission and instructions.

The people you store in Tubular as Contacts or Leads are your data subjects, and you are considered the data controller for this personal data. In our Terms of Service and Privacy Policy, we refer to this data as Client Data. 

Using Tubular to manage your customers means you have engaged Tubular as a data processor to carry out certain processing activities on your behalf.

According to Article 28 of the GDPR, the relationship between the controller and the processor needs to be set out in writing (electronic form is acceptable under subsection (9) of the same Article). This is where our Terms of Service and Privacy Policy come in. These two documents also serve as your data processing contract, setting out the instructions that you are giving to Tubular with regard to processing the personal data you control, and establishing the rights and responsibilities of both parties. Tubular will only process your Client Data based on your instructions as the data controller.

Your Role as a Data Controller

As the data controller, you will determine the personal data we process and store on your behalf. You will also provide privacy notices to individuals who engage with your brands detailing how you collect and use information, and obtain consents, if needed. If those individuals want to know what data you maintain about them or decide they want to discontinue their relationship with you, you will respond to those requests.

Data Transfer & Sharing

Rules for transferring data outside of the EU haven’t actually changed under GDPR, and whilst we process data outside of the EU, we do so in a way which is fully compliant with EU law.

We process and store all our data in the EU between Ireland and London using infrastructure and data solutions provided by Amazon. Amazon is certified under the EU-US Privacy Shield, and as such, the transfer and processing is compliant without the need for additional consent.

Tubular as the Data Controller

In addition to the above, Tubular acts as the data controller for the personal data we collect about you, the user of our web app, mobile apps, and website.

First and foremost, we process data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)).

Second, we process data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.

Third, we process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).

What are these ‘legitimate interests’ we talk about?

Improving the app to help you reach new levels of productivity.

Ensuring that your data and Tubular’s systems are safe and secure.

Responsible marketing of our product and its features.

As the controller for your personal data, the whole team at Tubular is committed to respecting all your rights under the GDPR. If you have any questions or feedback, please reach out to our Data Protection Officer by email at dpo@tubular.io.

Cookies & Tracking

We use a small number of GDPR-compliant tracking and monitoring platforms. These services use a combination of temporary and long-lived cookies to identify unique user journeys. These services are used internally only for platform diagnostics and product improvements.

The data collected is not shared with any outside parties, nor is it used for any activities which would require further GDPR compliance or an opt-out. They are necessary to ensure the reliable operation of our platform.

Readiness to Comply with Subject Access Requests

Data subjects’ ownership of their personal data is at the heart of the GDPR. We are prepared to respond to data subject requests to delete, modify, or transfer their data. This means that our Customer Support Team, along with the Engineers who assist them in their work, is well prepared to help you with any issues involving your personal data.

Documentation

Our Terms of Service and Privacy Policy are constantly being revised to increase transparency and to ensure the documents meet GDPR requirements. Because these documents are the platform for our relationship with you, it is very important for us to explain our commitments and your rights in them comprehensively and openly. Additionally, we’re constantly mapping all our data processing activities in order to comply with the GDPR accountability requirements.
