Customer Thermometer GDPR and CCPA Compliance Statements and FAQ
Last updated: 19 August 2020
Customer Thermometer GDPR Compliance Statement: information for our customers and prospective customers
The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation which came into force in May 2018. It builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe.
Customer Thermometer, as the data processor, has been committed in the delivery of our services to our customers to comply with GDPR from when it came into force on 25th May 2018, working in conjunction with our customers as the data controllers.
Customer Thermometer welcomes GDPR and the strong data protection and security principles that it enshrines, many of which Customer Thermometer put in place long before the GDPR was mooted.
Similar to previous legal requirements, compliance with the GDPR requires a partnership between Customer Thermometer and our customers in their use of our software.
Our GDPR preparation started in June 2017, and as part of this process we reviewed and updated all of our internal processes, procedures, data systems, and documentation to ensure that comply with GDPR.
We have now:
- Updated our third-party vendor contracts to meet the requirements of GDPR in order to permit us to continue to lawfully transfer EU personal data to those third parties and permit those third parties to continue to receive and process that data;
What do you need to do?
As a current or future customer of Customer Thermometer, you are responsible (as the data controller) for ensuring your use of our services is compliant with GDPR and your policies.
Consider these tips:
Get to know GDPR: Familiarise yourself with the provisions of the regulation, particularly how it may differ from your previous data protection obligations and consider the relationships you have with both your customers and staff. Also, note the variance of local provisions which may be superseded by the new regulation.
Audit your data and processes for data capture: Consider creating an updated and precise inventory of personal data that you control. Review your current controls and processes to ensure that they’re adequate, and build a plan to address any gaps. Here are some steps you can take today:
- Review your survey program
- Review your process documentation
- Ensure you have a lawful basis for holding and/or processing the data
Stay informed: Stay abreast of updated regulatory guidance as it is issued.
We will keep close to the new legislation as its implementation by the ICO develops, and will keep our customers informed throughout this process.
Customer Thermometer California Consumer Privacy Act (CCPA) Compliance Statement
California residents have the following privacy rights in relation to the Personal Information we collect (to the extent provided for by law and subject to applicable exceptions):
- The right to know what Personal Information we have collected and how we have used and disclosed that Personal Information;
- The right to request deletion of your Personal Information; and
- The right to be free from discrimination relating to the exercise of any of your privacy rights.
Exercising Your Rights: California residents can exercise the above privacy rights by emailing us at: firstname.lastname@example.org
Verification: in order to protect your Personal Information from any unauthorized access or accidental deletion, we will require you, or your Authorized Agent, to confirm your login details before you can submit a request to know or delete any of your Personal Information. If you do not have a user account with Customer Thermometer, or if we suspect fraudulent or malicious activity, we will ask you to provide additional information to verify your identity before taking any action.
Copyright Customer Thermometer 2017-2020. This information is provided for customer guideline purposes only and should not to be relied on for any reason. It is subject to change or removal without notice.