Appointy’s GDPR readiness

Overview

After years of comments and drafts, the European Union’s General Data Protection Regulation (“GDPR”), the most comprehensive privacy regulation of the last twenty years, will take effect on May 25, 2018. Helpful information about the GDPR can be found in our GDPR FAQ. At Appointy, we welcome the transparency and will continue to ensure our customers’ data is secure, including compliance with the GDPR. We know the requirements of the GDPR are complex, and that our customers need to know if we will be ready; the answer is, yes. We have already made significant progress and are committed to being fully ready by May 25th.

Appointy's Commitment

At Appointy, we have always honored our users' right to data privacy and protection. We have never relied on advertising as a revenue stream. We have never served ads to our users. We do not serve ads even to customers using the free editions of our products. This means that we have no necessity to collect and process users' personal information beyond what is required for the functioning of our products. We’ll never market to your customers or share your information with others. You can read more about how we handle your personal information in our updated, simple to understand Privacy Policy.

Appointy’s Compliance

Data protection by design

Data protection and security are deeply integrated into Appointy. Over the years, we've seen the web change and have had the opportunity to change Appointy with the web.

Updated Data Protection Terms

We are committed to the protection of all of our customers’ data and the lawful use and processing of that data. We store and process all of our customers’ data within Europe, and have internal security policies and practices governing the access of that data to provide additional legal commitments for our customers transferring personal data. With the arrival of the GDPR, we have further updated our DPA to ensure compliance with all GDPR-specific requirements. The revised DPA supplements our Terms of Use and provides contractual safeguards to our customers for the processing of the personal data sent through Appointy, enabling these customers to be compliant with the GDPR. You can digitally sign our DPA by requesting a secure signing link here.

Compliance officers

Appointy has designated an internal Data Protection Officer (DPO) to oversee compliance. You can reach our DPO at data-protection@appointy.com.

Data breach notifications

We're confident that we have an impenetrable security infrastructure in place. However, we are committed to being fully transparent and notifying the supervisory authority and all affected parties according to the GDPR requirements, in case of a breach.

Security Practices and Controls

Appointy gives utmost importance to Data Security and Privacy. We obtained our ISO 27001:2013 certification in 2017, and do regular internal and external audits of our security infrastructure and organisational controls. We use the most secure data centers, with the most security certifications and SOC reports. Our systems were designed to automate scans that regularly check for security vulnerabilities and make us aware of issues that would require additional review by a member of our security team. As a result, Appointy has a firm security foundation.

Data subject rights

Appointy has enacted policies to protect users’ rights. We allow Appointy users to opt out of our notifications, and are ready to respond to any data access requests from our users. All users would also have the ability to export and transfer their data.


Frequently asked questions

The General Data Protection Regulation (GDPR) is a new European privacy law due to become enforceable on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.
The GDPR applies to all organizations established in the EU and to organizations, whether or not established in the EU, that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behavior that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person.

Appointy's compliance, operations, and security teams have been reviewing everything that Appointy already does to ensure it complies with the requirements of the new GDPR. We have established a data protection team that is solely responsible for implementing and keeping a check on controls and procedures to ensure data security, integrity and compliance with all applicable data privacy and protection laws. We have also been working with customers around the world to answer their questions and help them prepare for when the GDPR becomes enforceable. We can confirm that Appointy is GDPR ready.

In addition, we have a new Data Processing Agreement (GDPR DPA) that will meet the requirements of the GDPR. This GDPR DPA is available to all Appointy customers to help them prepare for May 2018. For additional information on the GDPR DPA, or to obtain a copy, please write to us at data-protection@appointy.com.

Appointy maintains a high bar for security and compliance across all of our operations. Security has always been our highest priority – truly "job zero." Our security provides the foundation for our recognized certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27001:2013, and Cyber Essentials (UK). Additionally, we host our services on the best-in-industry cloud services provider with more certifications than any other such provider. This provides customers with additional assurances regarding their ability to fully control their data in a safe, secure, and compliant environment when they use Appointy.

Yes, Appointy complies with the General Data Protection Regulation (GDPR). This means that, in addition to benefiting from all of the measures that Appointy already takes to maintain services security, customers can employ Appointy as a part of their GDPR compliance plans.

For those that have already implemented a high bar for compliance, security, and data privacy, the move to GDPR should be simple. For those who are yet to start their journey to GDPR compliance, we urge you to start reviewing your security, compliance, and data protection processes now to ensure a smooth transition in May 2018. Here are some of the key points that you should consider for GDPR compliance:

  • Territorial Reach: Determining whether the GDPR applies to an organisation’s activities is essential to ensuring that organisation's ability to satisfy its compliance obligations. The GDPR applies to all organisations that are established in the EU. However, depending on your activities, the GDPR may also apply to you if you are established outside the EU.
  • Data Subject Rights: The GDPR enhances the rights of data subjects in a number of ways. For example, data subjects have the right to object to the processing of their data and they have the right to data portability. You will need to make sure you can accommodate the rights of data subjects if you are processing their personal data.
  • Data Breach Notifications: If you are a data controller, you will need to report data breaches to the data protection authorities without undue delay. Appointy will notify you without undue delay if we are aware of a breach of our security standards relating to Appointy.
  • Data Protection Officer (DPO): You may need to appoint a DPO who will need to manage data security and other issues relating to the processing of personal data.
  • Data Protection Impact Assessment (DPIA): You may need to conduct, and in some circumstances you may be required to file with the supervisory authority, a DPIA for your processing activities. This will need to identify your data handling procedures and processes, as well as the controls in place to protect personal data.
  • Data Processing Agreement (DPA): You may need a DPA that will meet the requirements of the GDPR particularly if personal data is transferred outside the EEA. Appointy offers customers a GDPR DPA that is available on request to help customers prepare for next May.

Yes. Appointy offers a GDPR-compliant Data Processing Agreement (DPA), enabling you to comply with GDPR contractual obligations. For more information on how customers can enter into the Appointy Data Processing Agreement, please write to us at data-protection@appointy.com.

You can contact us directly with all your queries regarding GDPR. You can write to us at contact@appointy.com.

Yes, we do. Like any other software services provider, we employ resources from different providers and vendors to develop and provide you a great service and customer support experience. The full list of our sub-processors can be found in our DPA.

Appointy gives utmost importance to Data Security and Privacy. We obtained our ISO 27001:2013 certification in 2017, and do regular internal and external audits of our security infrastructure and organisational controls. We use the most secure data centers, with the most security certifications and SOC reports. Our systems were designed to automate scans that regularly check for security vulnerabilities and make us aware of issues that would require additional review by a member of our security team. As a result, Appointy has a firm security foundation.

All the information and data that you store and generate from Appointy is already encrypted at all times. All data processed by us is encrypted at rest and in transit.

Appointy allows for the deletion of content by customers on demand, using the delete feature at various spots in the Appointy application. You can also submit your data deletion request to us, and we will help. You can submit your requests to contact@appointy.com.

There are numerous resources to give you more information about the GDPR. We recommend visiting the GDPR’s official website, the European Data Protection Supervisor, or the Data Protection Commissioner. Additionally, you can read the full GDPR legislation here.


Have any other questions?

If you have questions about Appointy or the sign-up process, please email us at contact@appointy.com and we will be glad to answer all your questions.

Copyright 2018 © Appointy. All rights reserved.