SalesPal has been preparing for the European Union’s (EU) General Data Protection Regulation (GDPR) right from day one. We have implemented processes and procedures to ensure we meet both our Data Controller and Data Processor obligations, and we have processes in place to support Data Subject requests. SalesPal has determined that our current security controls allow us to adhere to the GDPR’s requirements applicable to our business. This assessment includes supporting our customers in meeting their GDPR obligations.

It is important to note that GDPR does not have an accredited certification method. That means there is no GDPR-approved way to demonstrate compliance. Here is what SalesPal has done to meet our GDPR obligations and help our customers do the same:

Privacy Shield and Data Transfer

SalesPal currently complies with current EU and EEA data protection laws as they stand today regarding onward transfer of data subject information to a data processor. We understand that, as a customer, you are entrusting us with your data. Therefore, SalesPal takes a principled approach to privacy and security: we were an early adopter of, and comply with, the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA to the United States. Privacy Shield was designed with many of the privacy concepts that are in GDPR in mind. You can view a description of how we comply with the Privacy Shield Principles in our Privacy Policy. To learn more about the Privacy Shield Framework and the scope of our participation, visit the U.S. Department of Commerce website.

Privacy Shield allows SalesPal to meet the current privacy requirements of Europe for onward transfer by adhering to the following privacy principles:

  • Notice

  • Choice

  • Accountability for Onward Transfer

  • Security

  • Data Integrity and Purpose Limitation

  • Access

  • Recourse, Enforcement and Liability


Standard Contractual Clauses (Model contract clauses)

Additionally, SalesPal signs Data Processing Agreements (DPA) with customers who need them. Where necessary, SalesPal includes standard model clauses for transfer to third-party countries (the current bar set by the EU Commission). These clauses ensure our customers can transfer data to countries outside of the EEA for use in our system. Further, SalesPal has DPAs in place with all sub-processors where legally required.

Security

SalesPal has implemented many strong data security requirements and controls to protect our customers’ data, many of which already meet GDPR standards.

  • SalesPal maintains security management best practices and controls based on the ISO 27002 best practice guide to ensure our systems and processes meet many of the requirements described here.
  • SalesPal maintains controls that are relevant to the principles of security, availability, and confidentiality on an ongoing basis. We conduct a rigorous assessment that tests the operating effectiveness of our controls over a defined period, demonstrating and documenting our compliance with controls pertaining to security, availability, and confidentiality.
  • SalesPal has strong data protection controls, which include encryption in transit and encryption at rest of customer data, to safeguard data subjects’ data from unintended disclosure or misuse. SalesPal rigorously tests its product to proactively remedy vulnerabilities and follows industry best practices and guidance in information security.
  • SalesPal maintains incident response and notification processes. These procedures are tested annually.
  • SalesPal has procedures in place to ensure data recovery and data integrity, which come into play when customer data is lost or inadvertently corrupted.
  • SalesPal provides assurances that the customer retains full control of their data.
  • SalesPal’s key data sub-processors, i.e. Amazon Web Services (AWS), IBM Watson, or Microsoft Azure, all maintain rigorous security standards (SOC2 and/or ISO 27001 certifications, where possible), and undergo annual vendor reviews.