General Data Protection Regulation (GDPR)

What is General Data Protection Regulation (GDPR) and its Significance?

The ​​General Data Protection Regulation (GDPR) was enforced by the European Union on may 25, 2018, which has revolutionised the process of strengthening privacy, security & personal data protection in an unprecedented manner. It has given the EU residents the right to privacy and data protection and has imposed responsibility both on the data processors and the data controllers.

When a business shows that it is GDPR compliance, it means that you as a user of their services are safeguarded in regards to Data Privacy and Data Protections. It upholds your rights as a controller of your data and allows you the access to grant permission being the sole controller and owner of your own data.

ThriveDesk is GDPR compliant, inasmuch it does not explicitly contradict to the laws of Bangladesh, since we are registered in Bangladesh. We strongly believe that to our customers’, their data privacy is of the utmost important factor in determining whether to subscribe to a platform like ours who deals with processing of private data. Therefore, we tend to uphold the rights and obligations mentioned in the GDPR and be compliant as much as possible.

Who is a Data Processor?

The meaning of data processor denotes to businesses or services that are engaged in processing data on behalf of someone who chooses to process the same via the service provider or data processor. 

Who is a Data Controller?

Under the GDPR a data controller is someone who supplies goods or services to EU residents, therefore, if you are selling the same via online to any EU residents then you will be subjected to compliance of the provisions laid down in GDPR and you will be considered as a data controller and you are under the obligation to subscribe only to those Data Processors who are GDPR compliant.

Stance of ThriveDesk under GDPR?

ThriveDesk falls within the meaning of a data processor as per GDPR and its customers are potential data controllers should they provide goods or services to the EU residents. Therefore, in order to reach out to the global audiences, it is imperative for ThriveDesk to be GDPR compliant.

At ThriveDesk we take serious measures to ensure data protection and customers privacy and an effort to ensure the same, followings are the GDPR compliance initiatives we take:

  • All sorts of organisational, technical and security measures are adopted at every stage of developments.
  • All the data that are in transit, stored or in rest are encrypted.
  • ThriveDesk will immediately notify with any breach of current security policies and breach of any personal data, our notification system will work around the clock without little but no rendering time and are prompt with responses.
  • Neither ThriveDesk retains any information nor it processes any data without the consent of its user or owners giving its customers full control as to how to use such data.
  • All data processing are protected in line of the European data protection standards.

We don’t do anything unless “Permission Granted” from your end!

Without your consent we do not process any data or information. We never retain your personal data related to payment and billings and as such are stored and processed by third party ISO certified payment gateways. In our cookie policy we have mentioned what types of behavioural or activity related information or data that we store or use and we are super transparent about it and nothing that we retain and use has been done without your consent.

On point Terms of Services and Privacy Policy

ThriveDesk is absolutely transparent with its terms of services and privacy policy and openly stipulates as to what personal data we collect, we tried our best to stay very clear, transparent, intelligible and concise with our terms and conditions and you are also advised to go through with the same before making the decisions.

Can you delete all your data?

Yes, you have the right to delete all your data A-Z that has piled up during your use of ThriveDesk, a simple request to remove all the information to our support team will enable the process. We will do the hard work for you, just let us know when you need to remove all your data through our support and we will immediately take the action

FYI – There is a retention period of one month through our disaster management backup system, it is structured in a way that your data may stay in the server for up-to 30 days and will automatically get deleted permanently forever. We will not retrieve this data for you in any circumstances should you have a change of heart and will only be used for disaster management.

ThriveDesk’s ideology?

In regards to data protection principles we have a strong ideology which includes but are not limited to, as follows: 

  • Collection, distribution and processing of personal data must be made in the most transparent and reasonable manner with easy readability.
  • Retention period of the data must not exceed any longer than it is necessary.
  • Everyone of the customers of ThriveDesk has the option to download or access their personal information or data or make a copy of the same whenever they wish to obtain the same.
  • Personal data can only be collected for a specific purpose and cannot be used for any other purpose except for which the consent or permission has been obtained from the customers.

Breach Management

We already have a breach management and communication plan in place to comply with the GDPR regulations concerning the escalation process and requirements for data subject notification.

Training

Our team goes through rigorous training on every last week of each quarter and we provide significant importance to screening on any potential loopholes that may jeopardise the privacy or data protection of our customers. Our system has been architecture-d in such a way that minimises any possibility of data leak from our end.

Check our Sub-Processors and Cookies Policy to know what information we retain and who are the third party processors.