Bizible's Commitment to the GDPR
Last Update: May 10, 2018
Bizible takes privacy and security extremely seriously and has built its product with this in mind from the very beginning. With the introduction of the General Data Protection Regulation (GDPR), individuals in Europe will have strengthened privacy rights through the ability to restrict, export, delete, and modify their Personal Data, and Data Processors like Bizible will provide more transparency into the purpose and intended use of the Data.
Bizible's Commitment to GDPR Compliance
GDPR is a new privacy regulation in Europe that goes into effect on May 25, 2018. It places significant requirements on what types of data from European citizens we can collect and store, and on how we collect and store it. Bizible will be fully compliant with these new regulations by the statutory deadline to ensure that all of our customers and prospects in Europe enjoy the full protections afforded by the new laws.
As we approach May 25, 2018, Bizible is highly focused on GDPR compliance efforts and will be making necessary changes to the Bizible infrastructure to ensure we’re compliant. The Information Security Team has evaluated and reviewed all requirements set forth by the GDPR and is taking the necessary action to ensure that we handle customer data in compliance with these regulations by the deadline. You may notice changes to Bizible’s product, website and documentation—these changes are necessary to ensure our compliance. As customers and data subjects, you should expect to receive notifications of changes to our terms and policies within the Bizible application and on the Bizible website.
1. Lawfulness, Fairness, and Transparency
i. We will only process data as needed for our customers for the purposes expressly laid out in our customer engagements and in our publicly-facing privacy policies
2. Purpose Limitations
i. We will only collect data for the purposes of marketing attribution, analytics, and optimization in conjunction with our customer agreements and published policies. We will not use personal data for any other purpose.
3. Data Minimization
i. We will only collect the minimum amount of data required to perform our service. The personal data Bizible collects is limited to email address, IP address, and cookie data—all of which serve a fundamental role in our solution.
4. Accuracy
i. We will support the data subject's right to rectification, allowing them to ensure Bizible data is accurate either through a direct request to Bizible or to our customers
5. Storage Limitations
i. All data subject data will be deleted within 30 days after the termination of a customer engagement
6. Integrity and Confidentiality
i. Bizible takes strong measures to ensure that our data is secure and protected by designing for security, employing frequent security scans and penetration tests, and leveraging industry standard technologies to ensure that our data is safe.
ii. All personal data will be encrypted at rest and in transit
GDPR Rights and Requirements
Below is a partial list of the key rights and requirements Bizible will support through our GDPR compliance. Bizible will support all aspects of the GDPR, so this is not an exhaustive list.
The right to data portability
The GDPR requires that individuals can request and receive their personal data from controllers in a structured, commonly used, and machine-readable format. Data subjects have the right to transmit that data to another controller.
The right to rectify inaccurate or incomplete personal data
The GDPR requires controllers who process personal data to enable data subjects to request rectification of "inaccurate personal data" and the completion of "incomplete personal data."
The right to restrict the processing of personal data
Under the GDPR, data subjects may request a temporary restriction of processing activities utilizing their personal data in certain circumstances, for example, if a data subject objects to the processing of that data but the controller has a legal requirement to retain it.
The right to erasure of personal data ("right to be forgotten")
The GDPR requires that a controller processing personal data must enable data subjects to exercise their rights by giving them a way to submit requests to erase their personal data.
Privacy by design and privacy by default
The GDPR requires controllers who collect or process personal data to ensure that their activities and supporting technology are built to include data protection and data privacy principles.
Secure personal data
The GDPR requires controllers who process personal data to maintain a high standard of security.
Detect and respond to data breaches
The GDPR requires controllers to maintain appropriate technologies and processes to secure personal data and defend against personal data breaches. If a personal data breach does occur, a controller may be required to quickly notify regulators and may also be required to notify affected data subjects within 72 hours. Data processors will also be required to notify their customers, the controllers, without undue delay after first becoming aware of a data breach.
International Data Transfers
Bizible maintains certifications with both the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, which ensures companies comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
If you have any questions about Bizible’s commitment to GDPR, we hope that you’ll reach out to us at firstname.lastname@example.org. We’ve provided additional resources should you have any questions in the meantime. The latest changes will be reflected as applicable:
Bizible Application (Customers only)