Data Protection Regulation and its Governance in Flytxt

DISCLAIMER: This document constitutes an overview of the General Data Protection Regulation (GDPR) and how FLYTXT and its affiliate companies interpret it. This document is provided for information purposes only and does not provide legal advice. Clients and prospective clients shall consult their own legal counsel to understand the requirements of any law or regulation on their processing of personal data. FLYTXT AND ITS AFFILIATED COMPANIES MAKE NO WARRANTY, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS WHITE PAPER. This white paper is provided “as-is”. Information and views expressed in this white paper, including URL and other Internet website references, may change without notice. This white paper does not provide you with any legal rights to any intellectual property in any FLYTXT or affiliate company product or products. FLYTXT and its affiliate companies reserve the right to make changes to this white paper at any time.

1 Introduction

Flytxt is the independent market leader in intelligent customer engagement technology. Flytxt’s enterprise-class software products and services generate measurable economic value by growing revenue, reducing customer churn and enhancing customer experience. Flytxt’s flagship NEON-dX is an out-of-the-box, real-time decision-making and marketing automation product that allows large enterprises to drive personalized and contextual customer engagement across digital touch points using analytics and artificial intelligence.

With artificial intelligence and analytics being leveraged in various sectors, including marketing, it is prudent that organizations adopt fair, accurate and non-discriminatory use of personal data. By ensuring that Flytxt is GDPR compliant, the organization is committed to continually improving standards in the use of personal data through adequate processes and controls, thereby building trust with all stakeholders and meeting all regulatory requirements.

Flytxt is committed to safeguarding the confidentiality, integrity, availability and privacy of all physical and electronic information assets to ensure that regulatory, operational and contractual requirements are fulfilled.

Flytxt has a comprehensive global information security program governing the confidentiality, integrity and availability of data. Flytxt's information security management system is certified to ISO 27001.

Flytxt has a robust and effective data protection program in place which complies with existing applicable laws and abides by data protection laws like GDPR. Flytxt shall always strive to continually improve by keeping abreast of the latest trends and applicable laws / regulations and by updating and expanding the scope of information security and data privacy / protection.

This guide is designed to give an understanding of how the European privacy regulation, the General Data Protection Regulation (GDPR), applies to Flytxt, and of the organization’s security / data privacy governance and compliance mechanism.

2 Overview of GDPR

2.1 What is GDPR?

The General Data Protection Regulation (GDPR) is a data privacy regulation that was introduced on the 25th May, 2018. It consolidates and standardizes a wide range of different privacy legislation across the EU into one central set of regulations that will protect users in all member states within the EU.

GDPR shall be applicable to organizations, based both inside and outside the EU, that collect and handle personal data from EU-based individuals. GDPR defines personal data (personal information or personally identifiable information) as any information relating to an individual who can be directly or indirectly identified, such as names, identification numbers, location data, online/pseudonymous data, or factors specific to the individual’s physical, physiological, genetic, mental, economic, cultural or social identity.

2.2 Key terms in GDPR:

2.3 Rights of Data Subject:

3 Data Processing Principles:

3.1 Lawfulness, fairness and transparency

Data shall be processed lawfully. This means either that the data subject has consented to the processing of her personal data or that the processing is necessary for the performance of various legal / contractual obligations.

  • Consent – The data subject has given clear consent to process their personal data for one or more specific purposes.
  • Contract – The processing is necessary for a contract between the data subject and the Controller.
  • Legal Obligation – The processing is necessary in order for the data controller to comply with the law, which does not include contractual obligations.
  • Vital Interests – The processing is necessary in order to save or protect somebody’s life.
  • Public Tasks – The processing is necessary to perform a task carried out in the public interest or for the official functions of the data controller.
  • Legitimate Interests – The processing is necessary for legitimate interests pursued by the data controller or a third party, except where these interests are overridden by the freedoms, interests or fundamental rights of the data subject.

3.2 Purpose limitation

Data shall only be collected for specified, explicit and legitimate purposes. Mapping data assets to a specific and legitimate purpose is therefore required.

3.3 Data Minimization

Data processed shall be adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected and processed. Cleanse the data if it does not meet these criteria.

3.4 Accuracy

Data shall be accurate and, where necessary, kept up to date; inaccurate data shall be erased.

3.5 Storage

Data shall not be stored longer than necessary. This means that once necessity has expired as the basis of lawful processing, the data needs to be erased.

3.6 Integrity and confidentiality

Data shall not be changed, and its integrity and confidentiality shall be maintained. Policies and controls shall be in place to be able to demonstrate that data has not been lost, damaged, altered, destroyed or unlawfully processed.

3.7 Accountability

Accountability of the data collected, stored and processed shall be recorded.

4 Data Security Governance at Flytxt

  • Flytxt has a robust data security governance model, with a Steering committee and a Data protection officer in place to ensure compliance with the regulations.
  • Flytxt has developed a privacy policy, process, procedures and guidelines to meet the regulations.
  • Flytxt is primarily a data processor, and the data is processed based on the purposes agreed with the data controller. Flytxt doesn’t have any direct interaction with the data subject, and the data processed by Flytxt is the data shared by the data controller. Only authorized personnel from Flytxt are allowed to process the data.
  • Though the adequacy, relevance and limited nature of the data collected are primarily the responsibility of the data controller, Flytxt, being the data processor, would ensure that the data is processed legally and in a transparent manner.
  • Flytxt, in partnership with data controllers, shall ensure the provision for data subjects to exercise their rights to request access to; information about; corrections to; deletion/destruction (erasure) of; or restrictions on associated personal data, in compliance with the timing, costs, and format of information delivery requirements mandated by the GDPR. The data processed resides at the controller's location and Flytxt does not have access to alter the data. The responsibility of updating the data resides with the controller.
  • Flytxt doesn’t need to process or collect special categories of data. If for any reason the data needs to be collected or processed, the data controller has to provide approvals and consent from the data subject.
  • Flytxt doesn’t use the personal data collected for profiling and automated processing purposes.
  • Flytxt collects only the data of employees or contractors that is necessary for the successful completion of required activities. Flytxt also ensures that the data collected is not used for any unethical or non-agreed purposes.
  • Flytxt collects and stores personal data of the employees for employment verification purposes. The data is provided by the employee/potential candidate to satisfy minimum requirements. Consent shall be taken from the employees for the same.
  • Flytxt carries out data protection impact assessments for processing activities that present high risks to the rights and freedoms of individuals. These assessments generally involve identifying and documenting privacy risks raised by proposed processing, and planning mitigation measures to help control and minimize those risks.
  • Flytxt shall ensure that the contractual obligations are written down explicitly with both data controller and data processor before any data transfer. Data Processing Agreements will be made during the contract and the SLAs are mutually agreed upon.
  • Flytxt has an adequate process in place in case of any breach, such as notifying the appropriate supervisory authorities of the breach in a timely manner, with reasons provided for any delays, and providing details to the data controller so that they can in turn notify the data subjects accordingly.
  • Flytxt shall conduct periodic internal audits for data protection and information security to ensure compliance with the standards and regulations.


5 How to Contact:

To learn more about Flytxt’s data privacy and security policies, please contact privacy@flytxt.com
