9. GDPR COMPLIANCE
1) In effect from 25 May 2018, RevU Online will Process Personal Data in accordance with GDPR (General Data Protection Regulation) requirements.
https://www.eugdpr.org/
2) RevU Online is a “processor” by definition of the GDPR.
Definition: A processor is a natural or legal person or agency that processes data on behalf of a controller. “Processing” is defined very broadly in the Directive to include collection, use, storage, manipulation, disclosure, disposal, and virtually any other action with personal data.
The GDPR defines the data controller as the principal party for responsibilities such as collecting consent, managing the revocation of consent, and enabling the right to access. A data subject who wishes to revoke consent for his or her personal data will therefore contact the data controller to initiate the request.
3) Data Protection Impact Assessment. In effect from 25 May 2018, upon Customer’s request, RevU Online (processor) shall provide Customer with reasonable cooperation and assistance needed to fulfil Customer’s obligation under the GDPR to carry out a data protection impact assessment related to Customer’s use of the Services, to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to RevU Online.
4) RevU Online shall return Customer Data to Customer and, to the extent allowed by applicable law, delete Customer Data in accordance with the procedures and timeframes specified by the GDPR.
5) Notification of Sub-processors and Objection Right for New Sub-processors. Customer acknowledges and expressly agrees that RevU Online does engage with Sub-processors and that RevU Online may engage new Sub-processors at any time. All current Sub-processors have expressed their intention to be GDPR compliant by May 25th. List of current Sub-processors: SendGrid for Email delivery, Twilio for SMS delivery, Amazon AWS for data storage, PayPal Pro for payment processing, and Campaign Monitor for Welcome and Marketing emails.
6) RevU Online maintains security incident management policies and procedures and shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Customer Data, including Personal Data, transmitted, stored or otherwise Processed by RevU Online or its Sub-processors of which RevU Online becomes aware (a “Customer Data Incident”).
RevU Online shall make reasonable endeavours to identify the cause of such Customer Data Incident and take those steps as RevU Online deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within RevU Online’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s Users.
7) Information collected by Account Owners and Users. Account owners and Users can store data that may contain Personal information in “Customer Notes”, “JobID”, “ExtraField” and “CustomField”. RevU Online has no direct relationship with the individuals whose Personal Data it hosts as part of those entry fields. Each Account owner is responsible for providing notice to its customers and third persons concerning the purpose for which the Personal Data is stored and how this Personal Data is processed.
8) Information collected by RevU Online. RevU Online collects the name, email address, mailing address, mobile phone number, and credit card information upon signup. RevU Online uses this information for administrative purposes and billing. RevU Online may also use the information to understand and analyse usage and preferences in order to improve the product and functionality. Data is only used in anonymized or aggregated form.
9) In compliance with GDPR Article 37, RevU Online has a designated DPO available for inquiries from data subjects on issues relating to data protection practices, withdrawal of consent, the right to be forgotten, and related rights. Please contact dpo@revuonline.com. Please also visit our GDPR help guide.