GDPR Frequently Asked Questions

Effective August 18, 2020

For the previous version of this document click here.

The privacy and security of personal data and other information has always been our top priority.  We regularly review our systems and processes to address compliance with the GDPR. 

GDPR FAQ

What is the GDPR?

The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that mandates how an organization should handle personal data. The GDPR came into effect on May 25, 2018.

The GDPR is aimed at giving individuals (known as data subjects) throughout the European Economic Area (EEA) (which includes all of the EU Member States as well as Iceland, Lichtenstein and Norway) and the United Kingdom (UK) control over their personal data and how it is used.  

The GDPR (and the UK equivalent) applies to organizations based in the EEA and the UK.  The GDPR (and the UK equivalent) also applies to organizations outside of the EEA and the UK to the extent that they provide goods or services to individuals located in the EEA or the UK or monitor the behavior of individuals located in the EEA or the UK.

How our add-ons enable you to comply with GDPR policies

The specifics of how personal data is processed, collected, stored, and deleted by product can be found in our Data Processing Addendum that you may request from us at any time. In addition to our addendum, we have implemented several tools to help our customers remain GDPR compliant:

• Security protocols that are backed by certifications such as SOC2 and PCI which mirror many of the security and privacy requirements of GDPR.
• Data portability and management tools that help customers meet the obligation to be forgotten (or right to erasure) clause by making it easy to delete personal data from our products:

As a customer, you operate as the data controller, and we are considered a data processor. These terms are defined in the GDPR.  As the data controller, you are responsible for ensuring that the personal data you share with us, or which we process or handle on your behalf, is processed lawfully and in accordance with the requirements of the GDPR.  As a data processor, we also have obligations under the GDPR, though they are more limited.

What personal data does ServiceRocket collect and store?

At ServiceRocket, we try very hard to minimize the amount of personal data we collect from you. We collect only basic personal data required to perform the requested services for you.

For more information on how we collect and use personal data, you can read our privacy policy at https://www.servicerocket.com/legaldocs/privacy-policy

May I opt out of ServiceRocket communications?

Yes. We retain basic user contact information to communicate with our customers about product and security updates, relevant marketing, training and events.  All our web pages and all our communications to you regarding training, marketing and events contain unsubscribe links.[OC3] 

Where does ServiceRocket host customer data?

The data collected on our Marketplace [OC4] is hosted by AWS. Their data centers are in the USA.  This data remains in the USA.

What security certifications does ServiceRocket have?

We have received certification for SOC2 Type 2. Our marketplace is also PCI compliant.  You may request a copy of our SOC2 Report by contacting us at any time at support@servicerocket.com

Will ServiceRocket delete customer data when requested?

If you wish to erase, obtain a copy, edit or update your [OC6] personal data, you need to use this form to place your request.  If you want to erase your data, we have a process to permanently anonymize the data.

Who should you contact if you have additional questions?

Catherine Matterson

General Counsel

ServiceRocket

legal@servicerocket.com

‍