GDPR – A New Era in Privacy Regulation

Learn more about how the GDPR affects Snap Schedule 365 and our commitment to GDPR compliance.

The General Data Protection Regulation (GDPR) introduces a new privacy era that strengthens the rights of individuals. This regulation defines the obligations of organizations that collect, store, and process personal data belonging to European Union (EU) residents.

In addition to our own compliance as a data processor, we are committed to helping our customers comply with GDPR requirements that may apply to their use of Snap Schedule 365 Software-as-a-Service.

OUR COMPLIANCE WITH THE GDPR

Privacy by Design

We have integrated privacy by design principles into our software development process to guide how we build products and operate our services. In designing Snap Schedule 365, we focus on satisfying all legitimate business objectives while protecting privacy. When faced with a design choice, we default to giving more control over privacy rather than less.

Data Protection

We maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful processing and against accidental or unlawful destruction, loss, alteration or damage, unauthorized disclosure of, or access to Customer Data.

Security

We have security built into every layer of Snap Schedule 365 and use Microsoft Azure cloud platforms which come with proven physical security, IT security, replication, backup, and disaster recovery planning.  Refer to Microsoft Trust Center for more information.

Confidentiality

We take commercially reasonable steps to ensure that any person who is authorized by us to process Customer Data (including our staff, agents and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).

Accountability

We offer customers a robust data processing addendum containing strong security and privacy commitments that few software companies can match. The data processing addendum is our contractual obligation to process data in a GDPR compliant manner.

Transparency

We are committed to always being fully transparent. We do our very best to protect your data, though the unexpected could happen. In such cases, we will notify you, the supervisory authority and all affected parties according to the GDPR requirements.

FREQUENTLY ASKED QUESTIONS

No, there is not currently a GDPR certification issued by the European Commission. After the GDPR goes into effect on May 25, 2018, we will monitor any new development from the European Commission regarding official certification.

The GDPR applies to both data controllers and processors. Controllers collect data from the end-user that is the EU resident, for purposes clearly stated and with appropriate consent. A data controller is the entity/person that determines purposes and means of processing personal data of the EU resident. Data processors provide services to the controller in accordance with each controller’s instructions. Another category called sub-processors or third-party businesses performing data processing for other companies are also accountable for protection of personal data, according to the GDPR

If you sign up for a Snap Schedule 365 subscription and use the software to schedule your employees, you are the data controller for the personal data of your employees. We, the Snap Schedule 365 service provider, are a data processor and we use subprocessors like Microsoft Azure to provide cloud hosting and other services.

The DPO is responsible for informing employees of their compliance obligations as well as conducting monitoring, training, and audits required by the GDPR. A DPO needs to be appointed if you:

  • process large amounts of personal data
  • carry out large scale systematic monitoring of individuals or,
  • are a public sector authority

Data protection​ ​by​ ​design​ means incorporating privacy features and functionality into products and services from the time they are first designed.

Data protection​ ​by​ default means, businesses must implement appropriate measures to mitigate privacy risks at the time of collection of the data and extending it to  the time of processing it.

Yes, for most paid customers this can be done at time of account provisioning. You can ask to have your data to be kept in a Microsoft Azure data center in the US or in a European Economic Area, the UK..

Click here view a copy of the Snap Schedule 365 Data Processing Agreement..

You can view a copy of the Snap Schedule 365 Application Privacy Policy here.

You can view the Snap Schedule 365 Subscription Agreement here.