TABLE OF CONTENTS

I. What is GDPR?

II. GDPR Compliance at Boardable

III. GDPR Request Process


I. What is GDPR?

GDPR stands for General Data Protection Regulation. GDPR sets guidelines around collecting and processing personal information from people who live in the European Union (EU). It applies to personal data, which is any information relating to a person that can be identified (directly or indirectly), and gives individuals power over the use of their personal data.

GDPR, Article 4, defines personal data as follows:

  • ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

II. GDPR Compliance at Boardable

Boardable has an internal cross-functional team that works on GDPR requests from first receipt through completion. Boardable employs best practices for securing all user information, data, and documents. We respect your privacy! In addition:

  • Boardable employees must complete privacy and security training

  • Boardable has regional data centers

  • Boardable's Data Protection Officer (DPO) ensures compliance with the following responsibilities::

    • Oversee how customer data is collected

    • Oversee how customer data is processed

    • Review third-party vendor data processing agreements

III. Make a GDPR Request

To make a request:

  1. The information required for the request form is:

    1. Email Address - used to log in to Boardable

    2. Full Name - first and last as displayed in Boardable

  2. Fill out GDPR Request form found on Boardable's Customer Request Portal

  3. An email will be sent to verify the user and confirm the request

  4. The process will proceed as follows based on the option or options selected:

    1. Receive report of personal data

      1. Report on personal information held will be provided within 30 days

      2. If for some reason the request should take longer, a plan will be provided within that 30-day window

    2. Request deletion of personal data

      1. The individual's personal data will be removed within 30 days and the user notified

      2. If for some reason the request should take longer, a plan will be provided within that 30-day window

    3. Request to stop all processing of personal data

      1. The individual will be removed from all marketing campaigns within 30 days

      2. An open dialog with our tier 3 support team will help determine if there are any other areas of concern


Related Articles

Did this answer your question?