Last updated: May 25, 2018
Dear Converseon Customer:
As the GDPR evolves and best practices are refined, Converseon reserves the right to update this DPA at any time. If there is something we view as a material change, we will notify our customers via email 30 days in advance of the change going into place.
Converseon is compliant with the requirements set forth in the GDPR for a Data Processor. Our compliance with the GDPR includes, but is not limited to:
- The use of Personal Data of an EU data subject solely for the performance of our services and as permitted by applicable law;
- Taking appropriate measures to ensure the security of the Personal Data Converseon processes. This includes, but is not limited to – maintaining a Chief Security Officer and resourcing that position to effect high security standards for all Converseon services, deployment of generally accepted technical protections, frequent testing of our services, and training of all Converseon employees;
- Ensuring that all Converseon personnel who have access to or process Personal Data, are subject to a duty of confidence;
- Ensuring that no third party processes any Personal Data received from Converseon except in accordance with applicable GDPR requirements;
- Servicing obligations in connection with subject access requests and other data subject rights under GDPR;
- In the unlikely event of a system breach, we will expeditiously (within 72 hours) send you a notification email. A “system breach” does not include a customer account being accessed via valid credentials unless those credentials were exposed through some action or fault of Converseon or one of its sub-processors.
Customers who wish to provide personal information to Converseon by purchasing our products and services can access Converseon’s Data Processing Agreement to understand what information we collect, how we treat that data when you use our products and services, and what obligations Converseon assumes under Article 28 of the GDPR.