Data Protection and Privacy
Scheduled Connect’s Commitment to Data Protection
At Scheduled Connect, we are dedicated to upholding the highest standards of privacy and data protection. This commitment involves continuously developing and reviewing our policies, processes, and procedures to ensure compliance with relevant data protection laws, including the European Union (EU) and United Kingdom (UK) General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the e-Privacy Directive as implemented in the Member States of the EU. We are also vigilant in evaluating our compliance with other data protection laws globally and make necessary adjustments to our privacy program accordingly.
To support our compliance efforts, we have enlisted the expertise of privacy professionals. With their assistance, we are actively ensuring that our practices meet the requirements of applicable data protection laws and enabling our customers to fulfill their obligations as data controllers.
Understanding GDPR
The GDPR represents a comprehensive privacy and data protection law that came into effect on May 25, 2018. It aims to regulate the processing of personal data of individuals within the EU, affecting businesses outside the EU with no physical presence in the region. Non-compliance can result in significant fines. The UK GDPR mirrors its EU counterpart, reflecting the UK’s post-Brexit data protection landscape.
Scheduled Connect’s GDPR Compliance
While there’s no formal GDPR certification yet, Scheduled Connect is committed to aligning with GDPR standards. Our dedication to data protection is reflected in the rigorous measures we’ve taken to ensure the safety and privacy of personal data entrusted to us.
Data Processing Addendum (DPA)
Scheduled Connect offers a Data Processing Addendum, aligning with our Terms of Service, to meet GDPR obligations. This DPA, available at [insert your DPA link here], outlines the responsibilities and terms under which we process data on behalf of our customers in compliance with GDPR and other relevant laws.
Vendor Relationships and Data Protection
We conduct thorough due diligence before engaging with any service providers to ensure they meet stringent data protection standards. Our vendor management process includes the implementation of robust contractual protections and a detailed DPA that our service providers are required to sign.
Transferring Personal Data
Scheduled Connect takes necessary measures to protect personal data when transferring it outside the EEA or UK to countries not recognized by the European Commission or UK Secretary of State as providing an adequate level of data protection. This includes using Standard Contractual Clauses (SCCs) or other approved mechanisms.
GDPR and Our Customers
While Scheduled Connect’s compliance with GDPR is a priority, it’s essential for our customers to understand that compliance is a shared responsibility. Customers, as data controllers, must ensure their data handling practices are GDPR-compliant. We provide resources and guidance, including our GDPR Readiness Guide, to assist in this process.
Rights Under GDPR
Scheduled Connect supports the rights afforded to individuals under GDPR, including the right to be forgotten, data portability, and access to personal data. We encourage our customers to familiarize themselves with these rights and implement processes to support them.
Consent and Data Processing
Under GDPR, consent must be explicitly obtained for data processing activities, with clear mechanisms for individuals to express consent. Scheduled Connect advises against using pre-ticked opt-in boxes as a method of obtaining consent.
Conclusion
Scheduled Connect is committed to ensuring that our services are used in a manner that is compliant with GDPR and other data protection laws. Our approach includes ongoing assessments, adjustments to our privacy program, and resources to support our customers in their compliance efforts.
For further details on how we handle personal data and support GDPR compliance, please visit our dedicated GDPR section.