The following describes the GDPR Compliance for our JustBringMeLeads.com website.
The EU General Data Protection Regulation (GDPR) is the most comprehensive change to EU data privacy law in decades. It will take effect from the 25th May 2018. The Just Bring Me Leads team is working hard to ensure our full compliance by this date.
What is the GDPR?
The General Data Protection Regulation (GDPR) (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679) is a regulation in EU law on data protection and privacy for all individuals within the European Union. For EUR residents, the regulation aims to increase their control over their personal data. For businesses, the GDPR becomes a unifying regulation across the EU. Once the GDPR takes effect on the 25th of May, it will replace the 1995 Data Protection Directive.
Does this affect me?
The GDPR regulation applies to any EU residents’ data, regardless of where the processor or controller is located. This means that if you’re using Just Bring Me Leads from the US to reach out to other US corporations, the regulation doesn’t affect you. But if some of your customers or leads are in the EU, you should pay attention to it. In practice, most companies need to take the GDPR into consideration.
How Just Bring Me Leads is complying with the GDPR
Even though the GDPR only applies to data from EU residents, we took the decision to apply broadly the requirement of the regulation. This means we don’t restrict any privacy related feature based on the geographical location of a data subject. Here are some of the actions we’ve taken to ensure we’re compliant:
We’re taking the security of the data we manage very seriously.
The Just Bring Me Leads servers are physically secure and may only be accessed by Just Bring Me Leads’ technical or support personnel whose jobs specifically relate to maintaining the integrity of the Just Bring Me Leads servers or supporting product-related functions. Such individuals are required to maintain the security of the servers and the confidentiality of the information contained in the servers. Just Bring Me Leads takes all reasonable and appropriate steps to protect your personal information, including by encrypting such information, maintaining readily accessible steps to limit access, working to detect unauthorized access, and not storing such information any longer than we need to.
Our privacy team has analyzed the requirements of the GDPR and is working to enhance our policies, procedures, contracts and platform features to ensure we comply with the GDPR and enable compliance for our customers.
Your data is protected between you and our systems. We take multiple steps to prevent eavesdropping between you and our systems, as well as within our infrastructure. All network traffic runs over SSL/HTTPS, the most common and trusted communications protocol on the Internet. Internal infrastructure is isolated using strict firewalls and network access lists. Each system is designated to a firewall security group by its function. By default, all access is denied and only explicitly allowed ports are exposed.
If we see something, we’ll react quickly and remedy the issue. We’re not resting on our laurels. We’re always looking for potential system interruptions. If we do find something out of place, we’ll address the issue in a manner that it won’t be an issue in the future. We’ve invested in ensuring we can detect and respond to security events and incidents that impact its infrastructure.
We’re relentlessly updating our systems to protect your data. Our virtual systems are replaced on a regular basis with new, patched systems. System configuration and consistency are maintained using a combination of configuration management, up-to-date images and continuous deployment. Through continuous deployment, existing systems are decommissioned and replaced by up-to-date images at a regular interval.
Only people who need access, get access. Production system access is limited to key members of the Just Bring Me Leads engineering team and passwords are expressly forbidden. At a minimum, authentication requires two factors including asymmetric RSA public/private keys and a time-based crypto token.
Don’t just take our word that our systems are secure. We don’t. Even though we’ve designed secure systems and procedures, we regularly perform security tests to identify and remediate potential vulnerabilities. We also conduct periodic penetration tests with expert third-party vendors to help keep our applications safe and secure. These tests cover network, server, database and in-depth testing for vulnerabilities inside Just Bring Me Leads applications.
We prevent single points of failure. Even if there is an interruption to one system, the rest of our services stay up and secure. We physically separate the database instances from application servers and heartily believe in the mantra of single function servers. All login pages pass data via SSL/TLS for public and private networks, and only support certificates signed by well known Certificate Authorities (CAs). All email and CRM credential related data is encrypted while in transit as well as at rest using military grade encryption to ensure the security of user IDs and passwords. Just Bring Me Leads application passwords are hashed and even our own staff can’t retrieve them. If lost the password must be reset.
To improve, debug or prevent fraud on the service, we keep a variety of logs. We now make sure logs are destroyed at most 3 months after there collection date. We never use those logs of anything else than monitoring
The GDPR gives the right to any user to download any data that he provides to a service. This allows for easier migration to other services. We think this is a great idea and Just Bring Me Leads has always made it possible for user to download their data.
Systematic pseudonymisation of non-public data
Our applications heavily pseudonymise data to ensure the privacy of data subjects. Any attributes that doesn’t need to remain in it’s original form is truncated to remove any possibility to be linked back to a specific data subject.
Right of erasure
Because we deal with publicly available web data, information removed from a website are also removed from our database. But if a data subject wishes to speed up the removal of any in our index, we offer a simple an efficient way to claim email addresses. It is then possible to either update the data or entirely remove it.
Any other questions?
Our work related to the GDPR is still in progress and you can expect this and related pages to be updated regularly. Should you have any other question, we’re here to help: contact us.
QUESTIONS/COMMENTS/CONCERNS: If you have any questions about the contents of this page, or simply wish to reach us for any other reason, you may do so by using our Contact information.
Or, click here now to schedule a chat with us to see how we can help you grow your business.
See how our multi-touch emailing campaigns can help you to stop cold calling, and start making more sales today!
With our complete inbound lead generation, and marketing framework you can reach more decision-makers, book more appointments, and dominate your field in just months, not years.