The European Union’s General Data Protection Regulation (GDPR) protects European Union data subjects’ fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance.
By nature of CustomerSuccessBox’s integration architecture, you determine what data is sent over for processing. Accordingly, your company acts as the controller and must abide to a set of core principles regarding the handling of the personal data, as outlined in the next sections of this document.
First of all, as part of the GDPR principles, you should avoid sharing unnecessary personal data with CustomerSuccessBox. Typically, the only class of personal data you should share with CustomerSuccessBox is contact information (name, business email/phone) and you should NOT share other classes of data (e.g. health-related data, sexual orientation, religion-related information) that are not relevant to managing the customer’s success with your service.
You can view the latest DPA here.