Data Privacy & GDPR
We take your privacy very seriously and have adopted the Privacy by Design principles that underpin GDPR. We’ve done this, not just to comply with GDPR, but because it is good business practice. What’s great about GDPR is that it has given clear guidelines on what is required.
Want to know more about GDPR and the benefits? Read this blog post.
3 areas where we are addressing GDPR internally
Updated GDPR-compliant processes
We’ve implemented internal processes that support the specific GDPR requirements, but also updated other customer facing processes. We’ve used the free examples in Elements.cloud because we use it internally #drinkingourownchampagne.
Built Data Inventory with categorized fields
We use a number of apps to run our business with the Salesforce platform as the core app for our customer data. We’ve used Elements.cloud to build Ref Models for each app to categorize all the fields where we hold Personal Data. It’s a Pro feature in Elements.cloud but totally worth it.
Vendor evaluation of our app providers
We are only as good as our weakest link (app), so we have audited the suppliers of the apps we use to understand how they help us comply. For some it has been an uphill struggle and we have decided to stop using them.
Manage your Data Privacy
The type of personal information we collect
We currently collect and process your data in the following circumstances:
- You have registered to use Elements.cloud
- You have attended a webinar or event hosted or sponsored by Elements.cloud
- You have filled out a form on our website to contact us, sign up for emails or download content
- We have identified that your business could benefit from a Change Intelligence Platform and that you may be the correct person at your business to speak to about it
- We have identified your business as a potential partner of Elements.cloud
We collect and process the following information:
- Personal identifiers relating to your role at your business
- Contact details such as email address and telephone number
- Cookies for analytics and site experience
- Data about your business
- IP Address
We use the information that you have given us for sales, marketing, performance of contract and other business activities. Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for processing this information is either:
- Your consent. You are able to remove your consent at any time. You can do this by completing the form below
- We have a contractual obligation.
- We have a legitimate interest.
We may share this information with select partners in the case of shared sales and marketing activities e.g. A co-sponsored event or content piece.
How we store your personal information
Your information is securely stored or processed in the following tools:
- G Suite
- Gravity Forms
Under GDPR you are able to make different requests which must get a response within 30 days.
- Subject Matter Access (Articles 15 & 19): to tell you where we hold your data
- Right to Rectification (Articles 16 & 19): you need us to correct inaccurate personal data
- Erasure “right to be forgotten” (Articles 17 & 19): you want us to delete all the personal data we hold, provided we are not prevented by law
- Right of Restriction of Processing (Articles 18 & 19): this is to stop us using your personal data if we are prevented from deleting it
- Right to Receive Personal Data (Articles 19 & 20): you want to receive your data in a “structured, commonly used and machine-readable format” to pass to another company
- Right to Object (Articles 19 & 21): you object to us using your personal data for direct marketing, so essentially this is “unsubscribe”