GDPR Compliance
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law which emphasizes data protection and privacy for all citizens of the European Union (EU). It also addresses the transfer of personal data outside the EU. GDPR came into effect on May 25th, 2018 and all organizations with business in the EU, are required to comply with this regulation.
What is personal data?
Any data that is related to an identifiable or identified individual. GDPR covers a broad spectrum of information that could be used on its own or in conjunction with other pieces of information to identify an individual. Personal data can include a person’s name, email address, mailing address, phone number, financial information, genetic data, biometric data, ethnicity etc.
What customer information is stored by Uptrix?
A customer’s name, corporate email address, phone number, designation and department are stored by Uptrix. The corporate email address is mandatory as a part of user account credentials for the Blend licensing portal.
Is Uptrix GDPR ready?
- Uptrix has raised awareness across the entire organization through internal discussions, channels and appropriate training sessions for employees. Our employees understand the importance of information security and the high standards which are set by GDPR.
- All business processes and procedures have been reviewed and flow of information through Uptrix has been channeled appropriately. A minimal number of trained employees are given access to personal data. Uptrix closely monitors which departments require what data and for what purpose.
- Our application teams have embraced the concept of privacy by design. Multiple provisions have been made to store data in a controlled environment.
- Uptrix does not sell, trade or transfer to third parties any personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
- We have conducted internal audits of our products, processes and operations. The findings from the audit have been communicated to our teams who have worked on a solution for the problems identified.
- Personal data is retained by Uptrix only if necessary, after which it is deleted or archived except to the extent necessary to comply with legal obligations.
- HTTPs is an integral part of Uptrix’s application. All personal data which is sent between the client and server is encrypted using the SSL/TLS cryptographic protocols.
- Users are provided with clear Terms and Conditions and have to acknowledge that they have read them before getting access to the app.
- Uptrix does not save any personal data which is transmitted to our payment gateways. This data is deleted from our web processes within a period of 60 days.
- Uptrix clearly informs users about the collection and use of personal data. Users at any point in time can raise a justified objection or withdraw consent to the processing of personal data.