What is the GDPR?
The European Union General Data Protection Regulation (GDPR) is a regulation that protects European citizens with a unifying set of privacy laws for all EU member states. Made effective in late May 2018, GDPR not only means architectural changes to how software providers like Upvio treat your data, but also implements a slew of processes and ongoing audits to instill constant vigilance as custodians of user data. Upvio cares about your data security and we are dedicated to compliance with GDPR.
Upvio is a proudly global company. We provide meeting scheduling and bookings globally, and we can’t control who signs up to our software and where. We already have many users from the EU and we want to ensure that they receive the protection established under GDPR, as we are bound to do. The GDPR makes a lot of practical and ethical sense, and is considered to be one of the most stringent privacy regulations. So by making sure we are compliant with GDPR we also tick the boxes of many other national regulations.
How will I be affected?
As of the entry into force of this privacy regulation, you will benefit from the GDPR system. Your rights are detailed below. If you collect customer data using Upvio’s service, GDPR may apply to you; be sure to inquire about the implications that this may have for you and your business.
Good security practices
We, at Upvio, apply GDPR-compliant organizational and technical security policies and we would recommend you do as well. For example, all data is encrypted at rest using AWS and we use managed encryption keys to ensure that if the data is compromised it cannot be deciphered. Upvio also uses HTTPS connections to ensure that we are always secure. If you are an individual user, we recommend you follow these security recommendations issued by the University of Berkeley: [https://security.berkeley.edu/resources/best-practices-how-to-articles/top-10-secure-computing-tips](https://get.cogsworth.com/privacy#). All employees of Upvio have been made aware of the GDPR compliance practices, and have been provided an updated contract with GDPR statutes included. All future employees will receive such a contract by default. Our contractors are required to sign contracts to ensure that they apply the same level of security as us to your data. By implementing these actions we are ensuring that our staff do not engage in bad practices. Ongoing audits will also maintain these standards.
Data collected by Upvio
We collect limited external information from you. If you need to make specific GDPR enquiries, please get in touch via [firstname.lastname@example.org](mailto:email@example.com). Upvio only collects the data that it needs to provide you with its service. The data we collect is the following:
a) The data about you and your business
Your profile picture
Your business name
Your business operating address
Your website address
Your business hours
The services you provide
The price you charge for these services
The duration of these services
The currency you use
Details about the device you use to access our website and service
Place of employment
Date of birth and gender
Your individual preferences in respect of the services we provide you
Demographic information – normalised through Google Analytics - you can opt out here https://tools.google.com/dlpage/gaoptout;
Details as to whether you have taken up any products or offerings we have made;
Whether you have a connection with others whose personal information we may collect or hold, such as an employee in your Upvio account;
What, how and when you have dealt with us or expressed an interest in buying from us;
Any stated preferences for our products or services you have provided to us;
Custom information which our users set in a custom field in the Upvio booking system and which you may be invited to complete as part of requesting a booking or other service.
Mouse tracking and session recording - may be used to track how you interact with our software
b) the data you provide about your customers
When you use our service, they may complete a customized form with data from participants to the scheduled events. We collect this data in order to schedule the event, and delete it immediately after. Our users may request Sensitive Information from you if those users fill in custom fields in a Upvio booking page. Our Terms only permit our users to request this information if the information is necessary for their business. Your Sensitive Information may be stored on a central database encrypted.
c) Information from your system
Why we collect this data
We need the data we collect for the following reasons:
- To deliver our products and services to you;
- To respond to individual and company requests;
- In connection with your attendance or participation in scheduled events
- To manage our relationship with you,
- Evaluate our business performance and build our customer database
- To provide you with relevant information about our products, services, functions, events or activities
- To process transactions
- To enable you to participate in promotions, competitions, surveys and / or enable you to subscribe to mailing lists/newsletters and interact or follow our social media pages, including Twitter, Facebook and Instagram;
- To ask for your feedback and to address any requests you may have regarding our services;
- To conduct research, compile or analyse statistics relevant to the operations of our business;
- To facilitate our internal business operations, including fulfilment of any legal and regulatory requirements;
- To create backups of our business records;
- To maintain a customer database or similar record;
- For direct marketing purposes;
- To manage and optimize our Website. This helps us run our Website more efficiently and give you a better experience online. Further improve your experience in using our Website;
- To enable our users to offer the Upvio service to their customers or potential customers, including for making bookings and reservations
If you choose not to provide us with the data we request, you may experience the following inconveniences:
You may not be eligible for latest offers. You may not be able to upgrade or take advantage of latest plans and features. You may have sections of the app locked away from you. You may risk having your account not being backed up.
When we collect your data
We collect data about you at the following events:
When you contact us over the phone, email or chat;
When we provide you with our services via telephone, our website or via Upvio;
When we provide you with assistance or support for our products or services;
When you participate in our functions, events, activities or social media pages;
When you request that we provide you with information concerning our products or services; and
When you complete any forms requesting information from you, complete any survey or provide feedback to us concerning our products or services.
Where practicable we will only collect information from you personally.
How long we keep your data
Form data is stored on AWS in a GDPR compliant fashion, and erased shortly after valid appointments have taken place.
Exercising your GDPR rights
If you wish to exercise your right to:
- Obtain a copy of your data
- Rectify your data
- Erase your data
- Restrict processing of your data
- Portability of your data
- Object to the processing of your data
- Limited automated decision making / profiling
Please contact [firstname.lastname@example.org](mailto:email@example.com) from the email address that is the owner of your Upvio account, stating your requests clearly.
If you wish to contact us in relation to personal data matters, please write to us – at your convenience on one of the following addresses:
Privacy Officer Cogsworth International Pty Ltd
C/- Piper Alderman Lawyers
Level 23, Governor Macquarie Tower One Farrer Place,
Sydney NSW 2000
You may also contact the supervisory authority of your place of residence.
Third Party Service Providers and Data Control
Our integration with Google and Office 365 calendar uses the secure OAuth 2.0 authentication protocol. [https://auth0.com/docs/compliance/gdpr](https://auth0.com/docs/compliance/gdpr)
Infrastructure security
Upvio is hosted on Amazon Web Services. We are constantly improving our architecture and security and may on occasion employ penetration testers to help ensure our systems are suitably secure. We use information from third party services such as Google Analytics to help. For more information on how AWS keeps your data safe, you can read their terms here. We also agree to only transfer your data outside of the European Union, where we have taken measures to ensure GDPR compliance within the areas where this information is being transferred.
In case of a data breach
Should you suspect any unlawful or otherwise unauthorized activity in relation to your Upvio account, please email us immediately: [firstname.lastname@example.org](mailto:email@example.com)
In the unlikely event that Upvio or its third party affiliates suffers a data breach, we will notify the competent supervisory authority within 72 hours of becoming aware of it; we will also notify you in compliance with the GDPR rules. The information we provide to the supervisory authority will be:
- The type of personal data breach, including:
  - The type and estimated number of individuals affected; and
  - The type and estimated number of personal data records concerned.
- The name and contact details of a point of contact where further information can be obtained, such as that of the data protection officer (DPO);
- The possible outcomes of the personal data breach; and
- A list of measures taken or being taken to deal with the breach and appropriate measures taken to mitigate any adverse effects.
Further important information about Upvio’s activity
Target audience:
Upvio is not a service intended for children, and is not meant to be used by children. We also do not show or trade any explicit content that would be objectionable to children should they stumble upon the site.
No sensitive data collected
Upvio does not collect sensitive data by default as defined by articles 9 and 10 of the GDPR and we do not expect to receive any. You, as a Upvio customer, may use the custom form builder to collect data that is compliant with GDPR laws. Upvio is HIPAA compliant, and does take extra steps to purge all custom form data collected 24 hours after a scheduled appointment has taken place.
New features
Every time we create a feature or add functionality that is outside of the consent you provided us, we will prompt you to agree to the updated consent conditions, explicitly and in simple English.
Data Transfers
In compliance with GDPR, we only transfer your data to countries that have a level of protection of personal data equivalent to GDPR and approved by the European Commission.
Third Party affiliates who process data for Upvio
Below is a list of the services that we use to run Upvio and their respective locations. We ensure safe harbour between these providers.
Amazon Web Services United States of America
Heroku United States of America
Cloudflare United States of America
Google United States of America
Plivo United States of America
Mailchimp United States of America
United States of America
Mongo DB United States of America
Pipedrive United States of America
Webflow United States of America
Papertrail United States of America