Envoy + GDPR

To provide a better experience around GDPR, the first thing we needed to understand were the different roles
Mar 21, 2018
Envoy + GDPR

The EU General Data Protection Regulation (GDPR) will go into effect on May 25, 2018. And like many companies, we’ve been working diligently to understand both what we need to do to stay compliant and how we can help you comply with this regulation when using Envoy.To do this, we examined the guidelines from GDPR and asked ourselves a few key questions—some of which your company may have been asking too, as we all get ready for this new regulation:

  1. What are the requirements of our EU customers?
  2. Are there internal policies we need to adjust?
  3. Do we need to make changes to our products?
  4. How does this affect our terms of service and privacy policy?

Customers are always first!

At Envoy, we always aim to create great experiences for our customers. This means making sure everybody can confidently use Envoy, regardless of where you do business or who you do business with.To provide a better experience around GDPR, the first thing we needed to understand were the different roles. These roles are based on how a company interacts with user data, and are defined as either data controllers or data processors. Because you’re collecting personal data for your company’s use, you are considered a data controller.Envoy is considered a data processor because we process personal data on behalf of you, our customer. As we work toward our compliance as a data processor, we’re also here to help you with your compliance needs.

Envoy + GDPR

While it’s up to each company to define their own internal practices to be compliant with GDPR, Envoy will help data controllers in two key areas:

  1. Right to erasure: Envoy customers can request that their data stored by Envoy is erased at any time. You can send an email to hi@envoy.com and the team will assist to make sure the person’s data is anonymized in our systems. We maintain a record that a visit occurred, so that visit metrics remain accurate, but we remove all personal data about the visitor.
  2. Consent to data capture: When visitors sign in, they’ll confirm that they consent to their information being collected. If they do not consent they will not sign in via Envoy. Instead, Envoy will alert a designated person at your company that a visitor is present and that they do not wish to have their data collected.
  3. Disclosures: We will also make changes to our terms of service to outline how we handle customer data and ensure that it’s easy for you to inform visitors where their data is stored.

These updates will be available to enable in Envoy Visitors by early May, before GDPR goes into effect on May 25. We’ll let you know when these features are ready and how to best use them to meet your company’s needs.

Clearing up confusion about GDPR

As the industry grapples with GDPR changes, we’ve received lots of questions from our customers. We wanted to share some of the most common inquiries we’ve heard:

Q: Does GDPR mean my customer data must be stored in the EU?

A: GDPR does not mandate where data should be stored. Article 46 of GDPR allows personal data to be transferred outside the EU if the data controller has provided appropriate safeguards. Envoy is self-certifying under the U.S./EU Privacy Shield program as part of our compliance efforts under GDPR.

Q: Do I have to purge the data if a visitor requests it?

A: Because Envoy is considered the data processor and our customer is considered the data controller under GDPR, the ultimate decision of how to respond to a request for erasure falls on the data controller (aka the customer). There is a general Right for Erasure under Article 17 of the GDPR but Customers (as controllers) should engage with their legal counsel to determine their specific responsibilities and liabilities under GDPR. Envoy cannot provide legal guidance to customers on this topic.

Q: How long will it take Envoy to purge/anonymize visitor data once I make the request to hi@envoy.com?

A: Per GDPR requirements, once Envoy has received a request from a data controller to anonymize visitor information, Envoy will respond without undue delay. Under special circumstances, Envoy may request an extension to process the request but the data controller will be notified in writing. (Details: Article 12)

Q: If we mistakenly purge/anonymize visitor data, can it be recovered?

A: When data is anonymized by Envoy, the data is no longer accessible within the production application. Back-ups are stored for up to 90 days with non-anonymized data. After 90 days, the data is irretrievable.

Q: My IT/security team is requesting more detail or documentation showing Envoy’s compliance with GDPR. How can I request this?

A: The answers to most security questions can be found here. If you are currently an Envoy customer and require additional documentation, then please reach out to your assigned account executive or customer success manager. You can also email security@envoy.com to contact Envoy’s security team.Please note that answering security questionnaires or reviewing customer documentation takes some time, depending on several factors. Customers may also be required to sign a mutual NDA before sharing sensitive internal documents or company policies.

Q: What about other products that I can integrate Envoy with?

A: Customers should consider the use of Envoy integrations (such as Box, Dropbox, Eventbrite, and Envoy webhooks) when examining their own GDPR compliance. If you configure an integration for Envoy Visitors, consider how your company will use that integration. If, for example, you decide to enable a webhook to trigger an internal system, or export all of your visitor logs to Box occasionally, take care to consider these other systems when responding to erasure requests, disclosures, and other GDPR-related compliance.

Note: We suggest you consult your own legal counsel if you have further questions about GDPR requirements for your organization.If you have specific questions about your compliance needs around visitor management, we’re happy to help. Feel free to email hi@envoy.com at any time.

Heading

What’s a Rich Text element?

What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

Static and dynamic content editing

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Button TextButton Text
AUTHOR BIO
Writer

This post was written by one of the many writers at Envoy who are passionate about helping educate and inspire workplace leaders. We cover everything from the visitor and employee experience, to space and delivery management, to the workplace tech-stack that keeps it all running.

Read more

Security is critical for the future of your business. Learn how different types of security are important in the workplace and why you need them.

Learn how to choose a visitor management solution that’s right for you, including the best features to look out for.

A quality workplace has the power to make your organization thrive, if it's managed well. In this post, explore why workplace management is so important and how to get it right for you.

In this post, we’ll explore what workplace compliance is and how to build a compliance culture for your organization.

Managing your space well doesn’t have to be difficult. But to be successful you need the right processes and tools.

With more folks sending personal packages to the workplace, having a sound mailroom management system in place is key.

Demo
Contact