The General Data Protection Regulation (GDPR) entered into force in the European Union on May 25, 2018. It expands data protection rights and obliges companies to collect and process personal data securely. Its aim is to improve protection of this personal data.
The GDPR applies to all companies based in the EU and all companies which process the personal data of EU citizens. It expands the data protection rights of data subjects and therefore applies not only to large companies but also to small service providers and medium-sized businesses.
Privacy is a top priority for Netagenda. It is our vision to simplify your day-to-day business, which also includes GDPR-compliant working, of course. That’s why we have taken a close look at the GDPR requirements and are currently putting all our processes and workflows under the microscope. Our software, contracts and documentation are being expanded accordingly in order to ensure the best possible protection of your data and that of your customers. Netagenda AG is committed to data protection.
Our software applications are essentially configured with basic settings compatible with data protection. As a Netagenda customer, you can assign you and your team different roles if required – here, we distinguish between admin, owner and employee. An admin holds all rights across the company and can configure the system. An owner is assigned to a branch and can manage the system across the branch. Employees, however, only have access to services they are assigned to. This allows you to manage your appointments and customers.
Our employees’ access permissions are governed by the need-to-know principle. You are therefore only granted access to specific data if there is a legitimate interest in it. For instance, if a customer contacts our customer support with a problem, the relevant employees can view the appropriate data to allow them to respond to inquiries in the best possible way. Furthermore, IT developers have access to appropriate data to allow them to continue developing our software on an ongoing basis. As part of the GDPR changes, we are putting this concept under the microscope once again.
A basic principle of the new data protection regulation is data minimization. Accordingly, at Netagenda AG, we only collect data if this is truly necessary for our software’s applications. Should you sign up for a free trial period, for example, we must store your name and email address to allow you access to our software. No further data is collected.
We protect all personal data using Transport Layer Security (TLS) encryption. We also use HTTPS encryption in the product and on our website. In the event of a data transfer, these measures mean that your data cannot be viewed and it is therefore protected against third-party access.
Netagenda AG’s data is stored on AWS servers which are located in a data center in Frankfurt (Germany). Detailed guidelines on these servers’ certification can be found at the following link:https://aws.amazon.com/compliance/iso-27001-faqs/
For advice on data protection issues, we consult our company data protection officer.