General Data Protection Regulation
General Data Protection Regulation (GDPR) is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU-based residents. It is the most comprehensive EU data privacy law in decades and comes into effect on May 25, 2018.
Besides strengthening and standardizing user data privacy across the EU nations, it will require new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located.
GDPR is intended to offer protections for you or any identifiable natural person (the “Data Subject”) regarding your information (your “Personal Data”). You, as a Data Subject, have broad rights, whether you are identified directly or indirectly through interaction context in which your information was captured.
Your rights under GDPR
Under GDPR, you opt in to have an organization (the “Data Controller”) process your Personal Data. Data Controllers must obtain your consent before they can process your data.
Special Categories of Data
Unless specifically authorized, GDPR prohibits processing of certain special categories of data such as race, ethnicity, political and religious beliefs, sexual orientation, genetic and biometric data. EverReady.ai does not acquire or process any data belonging to these categories.
Right of Access
If you consented to a Data Controller processing your Personal Data, you may then request the following:
A copy of the personal data undergoing processing
Purpose of processing
In particular, if automated decision-making or profiling takes place, and if so, the logic involved, significance and likely consequences of such processing
Categories of data processed (e.g., name, address, online browsing behavior)
Any third party recipients of this personal data, both backward or forward looking, especially recipients in third party countries (i.e. countries outside of the EU)
Any third party sources of Data Subject’s personal data (i.e. not collected from the Data Subject directly, for instance by purchasing said data from another source that previously collected the data directly)
How long such Personal Data would be stored, or if that’s not determinable, how the length of this period would be determined
- Data rectification
- Data erasure
- Restriction of data processing
- Objection to data processing
- Right to Rectification
You, as a Data Subject have the right to have any errors on inaccuracies of Personal Data corrected. Your Data Controller shall implement such requests without undue delay.
Right of Erasure
You have the right to have your Personal Data erased or forgotten. Your Data Controller shall remove your personal data and confirm deletion via a notification to you. Data Controllers are also required to maintain these transactions.
Right to Data Portability
You have the right to have your Personal Data exported and provided to you in complete form.
In the event of a data breach and your Personal Data is compromised, your Data Controllers are required to notify you at least within 72 hours.
EverReady.ai’s Commitment to Protecting Your Personal Data
EverReady.ai is committed to partnering with its customers and users to ensure that EverReady.ai is fully compliant with the requirements of GDPR. EverReady.ai recognizes your rights under GDPR and will ensure that these rights are honored, and your Personal Data is protected. EverReady.ai’s product and security teams are working diligently to bring EverReady.ai’s product offerings and contractual commitments in line so our customers, prospects, users and others that interact with EverReady.ai are compliant before the May 25, 2018 deadline.
Measures to achieve this include:
- Additional investments in our security infrastructure
- Support and maintenance of our Privacy Shield self-certification
- New clarity on procedures for consent, data portability and privacy preference enquiries
We’ll also continue to monitor the guidance around GDPR compliance from privacy-related regulatory bodies, and will adjust our plans accordingly if it changes. We’ll provide you with regular updates along the way so that you’re always current.
Our Security Infrastructure and Certifications
Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company entrusted with some of our customers’ most valuable data, we’ve set high standards for security.
If you would like to learn more about EverReady.ai’s security policies and procedures, please see our security page.
International Data Transfers: Privacy Shield and Contractual Terms
In addition, we offer European Union Model Clauses, also known as Standard Contractual Clauses, to meet adequacy and security requirements for our customers who operate in the EU.
EverReady.ai as Data Controller vs Data Processor
Your personal data may enter EverReady.ai’s processing scope in multiple ways. Based on how your personal data is consented to, who has control over the data and has responsibility for protecting and administering your rights, EverReady.ai is either a Data Controller or a Data Processor. This section describes EverReady.ai’s role as both a Data Controller and Processor, and explains how you can interact with EverReady.ai in either role.
Role of EverReady.ai as a Data Controller
When you interact with EverReady.ai via its marketing and sales development outreach programs as a website visitor, webinar participant or asset downloads, EverReady.ai is the primary Data Controller from GDPR perspective. In these cases, EverReady.ai is responsible for obtaining your consent and providing means for exercising your data rights.
Personal Data you submit during registration, such as your name, email, phone number and your address.
Any other Personal Data that EverReady.ai obtains via sources to which you have already provided consent. EverReady.ai may use data from these sources for data identification and enrichment. As an example, if you provided only email and company name to EverReady.ai, EverReady.ai may use another service to identify your business contact phone, or your title, so long as such information was submitted by you to the third party service.
When you interact with web forms and similar registration pages at EverReady.ai’s website (or partners that we collaborate with), we will request explicit consent prior to you submitting your Personal Data.
When Sales Development Representatives contact you and you provide information to us, and you consent to us for using the information we obtained from you.
EverReady.ai also ensures that any additional data it procures from third party services is obtained by that third party after obtaining your consent.
If you had previously provided consent to EverReady.ai to collect your personal data, you may choose to withdraw that consent at a later point. Please send an email request to gdpr@EverReady.ai and we will implement the request, and provide a confirmation of your consent withdrawal via a reply email to your email address. The acknowledgement email will also provide you consequences of withdrawing your consent.
During the course of your registration process, we may offer certain preferences that control privacy of your data. Additionally, some registration processes may offer submission of certain data as optional items. You may choose not to provide optional data, but if you do provide them, EverReady.ai will track your submissions. Additionally, EverReady.ai will honor your choices and will ensure that these preferences and optional data are part of the data that you have access to via GDPR framework based requests.
EverReady.ai does not sell your Personal Data to any other third party organization. EverReady.ai also does not transfer the rights to your personal data to any other party nor does it use the data other than the original intent. Any transfer to a third party is solely intended for the processing of data and EverReady.ai has secured agreements with downstream Data Processors to protect Personal Data and enforce GDPR data rights for you.
As part of GDPR you have the right to request all Personal Data about you to be made available to you. We will provide:
All personal data that we have on record, including your preference choices and optional data that you submitted
How and when we obtained the data
Our use of your data
Whether any data was transferred to any other third party
To request this data, please contact gdpr@EverReady.ai and we will respond within 72 hours of your request.
Data Erasure, Accuracy and Portability
You may submit a request via gdpr@EverReady.ai to delete all data about you. EverReady.ai will comply with this request, but will use your email to send a confirmation notice that we performed the requested action.
You may submit a request via gdpr@EverReady.ai to update Personal Data that we have about you. EverReady.ai will perform this, and will use your email to send a confirmation notice that we performed the requested action. If email itself was requested to be changed, EverReady.ai will send a confirmation to both the old and new email.
You may also submit a request via gdpr@EverReady.ai to request an export of all your data for data portability. EverReady.ai will provide this information via a CSV or JSON file. Such a report will include meta-data such as when particular data was added, any updates to the data etc. – i.e., an audit trail of the data.
Data Breach Notification
We will notify you if your Personal Data was compromised via a breach using all methods contact information we have about you, within 72 hours. This includes any breach that was caused by a Data Processor that EverReady.ai has authorized to process your data.
Filing a complaint
EverReady.ai has put in place best-in-the-industry processes for providing you the rights to your personal data, per GDPR guidelines. In the event that you are not satisfied with our resolution of your requests, you have the right to file a complaint. Please submit a request via gdpr@EverReady.ai to file a complaint. You also have a right to file a similar complaint with a supervisory authority for the jurisdiction you are in and seek appropriate remediation.
Role of EverReady.ai as a Data Processor
If we are processing your Personal Data on behalf of your employer or the organization, you may submit a request via gdpr@EverReady.ai and EverReady.ai will forward the request to your employer. Any final action on the request will need to be approved by the employer (the Data Controller). EverReady.ai will assist the Data Controller in expeditiously completing the request.
When EverReady.ai processes and displays your personal data, that data was acquired from your employer or organization that you interact with. If it is personal data that you submitted to your employer, you provided consent to your employer to that data for their business purpose. If it is personal data that EverReady.ai’s customer obtained in the process of conducting business with you or your employer, they rely on your consent to use the data for business purpose. As an example, if you are a purchaser of a product from EverReady.ai’s customer, your relationship to our customer would be that of a vendor, and in furthering that relationship, our customer would have acquired your personal data.
To withdraw an earlier consent that you provided, contact your employer or the organization to which you provided the original Personal Data. EverReady.ai will not be able to alter your consent, as we are the Data Controller.
To request your Personal Data, please send a request to gdpr@EverReady.ai. For data processed by EverReady.ai, we will forward your request to your employer (the Data Controller), who will then initiate a request to provide that information. Since EverReady.ai’s role is only that of a Data Processor, EverReady.ai will not be able to provide your Personal Data directly.
Data Breach Notification
In the event of a data breach, EverReady.ai, as a Data Processor, is required to notify your employer/organization that there was a data breach. Your organization will then notify you regarding the breach, its impact and potential remedies. EverReady.ai will not notify you directly.
Data Erasure, Accuracy and Portability
To request an export or erasure or update of Personal Data held by EverReady.ai, please send a request to gdpr@EverReady.ai. We will forward your request to your employer/organization, who will then initiate a request EverReady.ai to complete the request. Since EverReady.ai’s role is only that of a Data Processor, EverReady.ai will not be able to perform these actions directly.
Filing a complaint
For filing a complaint related to personal data processed by EverReady.ai, use the complaint portal/form of your employer or organization (the Data Controller). EverReady.ai will assist the Data Controller in resolving the complaint, but will not take any action until and unless such action is authorized by the Data Controller.
List of Sub-Processors
EverReady.ai as a Data Processor has engaged the services of the following sub-processors. Some or all of your personal data may be transferred to them. All such transfers are governed by Master Service Agreements and GDPR agreements (via Data Processing Addendum) that establish the scope of processing as well as legal basis for such processing. EverReady.ai requires its sub-processors to perform the specified processing only for the purposes of delivering the services that are part of the agreement. To learn more about the GDPR initiatives of our sub-processors, please visit the web pages listed here.
Amazon Web Services, Inc.
EverReady.ai will notify your GDPR and/or administrative contact if we add any new sub-processors to the list above.