B2L’s commitment to GDPR

Our pledge to data protection and right of individuals to data.

GDPR Overview

Control over personal data is a fundamental right of every individual. With organizations across the world collecting customer data to enable them to provide services, it becomes important that companies manage data in a transparent manner with the customer’s consent.

GDPR, stands for “General Data Protection Regulation”. It is one of the most important changes made to data privacy regulations in the last two decades. It establishes a new framework for handling and protecting the personal data of EU-based residents and is in effect since May 25, 2018. It provides the citizens of the EU greater control over their personal data and assures them that their information is protected.

What is personal data?

Any data that relates to an identifiable or identified individual. GDPR covers a broad spectrum of information that could be used on its own, or in combination with other pieces of information, to identify a person. Personal data extends beyond a person’s name or email address. Some examples include financial information, political opinions, genetic data, biometric data, IP addresses, physical address, sexual orientation, and ethnicity.

Our commitment to GDPR

We are fully GDPR compliant since the 25th of May 2018. Over the past few months, multiple internal teams have been working towards making sure that we are aligned to the GDPR. We’ve built product features for greater privacy and data control. You can learn about our organization wide efforts for GDPR here

Our privacy, security and data storage policies are also streamlined with the GDPR goals and objectives. Know more about the privacy and security policies here

GDPR Readiness Initiatives at B2L

B2L is committed towards upholding the underlying principles of GDPR and here are some of the initiatives we’ve undertaken.


Accountability

At B2L, there exists an established Privacy Policy created with support from our leadership. Our leaders commit to support and provide guidelines for data protection compliance through a set of standard policies and procedures.


Privacy by Design and Default

Programs, projects, and processes at B2L are aligned to Privacy Principles right from the inception of an idea or project, thereby supporting Privacy by Design and Default principles.


Rights, Subject Access, and Communication

The GDPR program thoroughly evaluates how fieldforce, both as a data controller and processor, is placed with its existing procedures for readiness to:

  • Provide rights of individuals under GDPR
  • Assist customers in responding to data access requests from individuals.

Features built for GDPR readiness

B2L is committed towards upholding the underlying principles of GDPR and here are some of the initiatives we’ve undertaken.


Right to be Forgotten

Fieldforce lets you delete customer/agent data permanently. You can delete the customer/agent’s profile and all the data associated with it like tickets raised by them, team huddle discussions, phone conversations, chats, satisfaction ratings provided, topics created and discussions in forums.

A delete or an export request from a customer would have to be routed via the admin who validates if the requestor is genuine. Following area is cover this rights:

  • End-User Profile Deletion: FieldForce currently supports the deletion of end-user profile information with an option of soft delete as well as permanent delete which will erase all associated data like tickets, forums, calls and so on.
  • Agent Profile Deletion: We currently support the deletion of Agent profile information with soft delete and permanent delete options where all their contributions like knowledge base articles, tickets and team huddle discussions are anonymized and all PII (Personally Identifiable Information) is deleted forever.
  • Ticket Deletion: Users of FieldForce can delete tickets. In doing so, all team huddle discussion associated with the ticket are deleted along with it.
  • Attachment and Image Deletion: Customers can delete attachments and images by deleting the support tickets to which those attachments and images are attached.

Right to Portability

Our products supports export request from customers. A customer can export user contact details, tickets of the user, for which the user has been given with the respective APIs.

An export request from a customer would have to be routed via the admin who validates if the requestor is genuine. Customers can leverage the following APIs to assist with their GDPR compliance efforts on data portability:

  • User Profile: Our Products currently supports the deletion of end-user profile information with an option of soft delete as well as permanent delete which will erase all associated data like tickets, forums, calls and so on.
  • Tickets of the User: We currently support the deletion of Agent profile information with soft delete and permanent delete options where all their contributions like knowledge base articles, tickets and team huddle discussions are anonymized and all PII (Personally Identifiable Information) is deleted forever.
  • Forum contributions of the User: Users of Our Products can delete tickets. In doing so, all team huddle discussion associated with the ticket are deleted along with it.

Right to Rectification

The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete. End-users and agents in FieldForce can rectify any errors in their personal data by editing their profiles.