SelfGuide is a SaaS product, delivered by SelfGuide, and needs to comply the European General Data Protection Regulation (GDPR). In this article, details can be found about the personal data being processed and how this data is being handled.
What data is processed?
Using SelfGuide results in processing two types of personal data:
- User management: all users require a user account to use the platform, for this purpose the first name, last name and e-mail address is processed
- Recording data: Each Instruction consists of one or more steps, created using the SelfGuide Recorder. When recording the steps, screenshots are made which might contain personal data. Two example, the name of the editor shown within the application being used or customer details when recording a EPD application. This type of personal data can be anything, from names to phone numbers, e-mail address but also personal security numbers. The product contains functionality to censor personal data on the instruction images, it's the responsibility of the editor to use this function.
What processes and measures are in place?
As processor of personal data, several measures are in place:
- All data processed within a tenant is logically separated from other tenants, see the knowledge article about the hosting platform for more information
- Access to stored data is shielded and reserved to a selective group of employees responsible for the maintenance of the hosting platform. Special accounts are required to perform platform maintenance
- All platform access and operations are audited
- Tenant deployment and release deployment is automated, no manual actions are required for deployment and upgrade purpose
- Data is only kept as long as needed from a service and disaster recovery perspective. As soon as data is not needed and the disaster recovery period is past, data is deleted.
Do we have a data processing agreement?
No, the SaaS Conditions does arrange all necessities required by the GDPR. The Data Protection Agreement (DPA) is a fixed appendix of the SaaS Conditions and details exactly what personal data is processed, who owns the processed personal data, what SelfGuide does with the data and how a potential data leak is settled.
I have more questions, how do I get answers?
More information can be found in the Data Processing Agreement, part of the SaaS Conditions. For questions, you can contact us using the contact form.