GDPR

Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive as well as all the local laws relating to it.

We at Know Your Team support the privacy rights of our customers and our users and we comply with GDPR.

Who does GDPR apply to?

The GDPR applies to all organizations operating in the EU or processing personal data in the EU or processing "personal data" of EU residents. It defines personal data as any information relating to an identified or identifiable natural person. “Data subjects” are the individual persons whose data we receive and process.

Know Your Team's Role in GDPR Compliance

It is important to note that Know Your Team is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance:

As a Data Controller, Know Your Team is responsible for implementing appropriate safeguards to ensure compliant processing of personal data provided to us by our customers and by individual consumers. This data is provided to us when customers and individual consumers interact directly with our services like knowyourteam.com and thewatercooler.com.

As a Data Processor, Know Your Team is responsible for safeguarding the personal data of our customers' users as they share information using our service knowyourteam.com.

As Know Your Team acts as both a controller and processor, both customers and users may play a different role in compliance:

Changes made to comply with GDPR

To comply with GDPR, we undertook some research and changes to our products. You can read about those changes here.

Policy, Terms of Services and DPA

Our Privacy Policy and our Terms of Services were updated to reflect our compliance with GDPR. A DPA is available for signature as part of our Privacy Policy, as you can see here.

Internal Data Audit

We reviewed and continue to review all the data we collect, where the data is collected and processed, the reasons why we collect it, and which Know Your Team employees have access to it. This is also known as a data map, and we have it ready to share upon request.

Vendor Audit

We audited all vendors to ensure they adhere to GDPR and have signed all appropriate DPAs. You can see more about our sub-processors further down in this document.

Your rights as an EEA person

Under the GDPR, as a European Economic Area (EEA) person, you have the following rights:

The right to be informed

You have the right to be informed when your data is being collected, how it is being used, and the identity of the data Controller. This is achieved by our privacy policy. (Section 2 Articles 13 & 14)

The right to object

We strive to only collect data that is important for us to serve you well or to improve the product. Nonetheless, you have the right to object to the use of your personal data and make a case that our organization lacks compelling and legitimate grounds for processing your data to perform our business function. (Section 4 Article 21)

The right of access

You have the right to ask if we are processing your data, how we are processing your data, where we are processing your data, and the reasons for the processing (Section 2 Article 15). To request your personal data map to see the categories of recipients who may see your data, you can click on this link.

The right to rectification

You can correct or complete any of your personal information we have by visiting your respective profile page on knowyourteam.com or thewatercooler.com. If you have questions on how to do that, please contact us. (Section 2 Article 16)

The right to be forgotten (also known as Data Erasure)

The right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. (Section 2 Article 17)

To request that we delete all data about you (the data subject), please click on this link. If you are a user under a customer's organization, we reserve the right to inform the customer before we proceed with the erasure. If you are the owner of the organization and you want to keep the organization's account active, we need to appoint a new organization owner before we proceed with the erasure.

Once we initiate the erasure process, the operation cannot be undone. Deleting all your data can take up to 30 days due to our backups policy. In the event we cannot delete your data due to legal or similar restrictions, we will tell you and explain the reason(s).

The right to restrict processing

We share some personal data with certain vendors for analytics purposes to help us improve the product or solve bugs, but we do not sell your personal or other data under any circumstances. (Section 2 Article 18)

You have the right to request that we stop processing your personal data if you believe it is not accurate, if processing is not compliant, or if retention is no longer needed. To file a request to restrict the data we process, please click on this link.

The right to data portability

You have the right to receive the personal data concerning you (Section 2 Article 20). Upon request, we can generate a series of CSV files with all your data, so you can transmit that data to another controller.

To request that we export all the data we have associated with your account, click on this link. This process can take up to 30 days, and our support team will keep you informed of the progress via email.

Breach Notification

Under the GDPR, a breach notification is mandatory if a data breach is likely to result in a risk to the rights and freedoms of individuals. If this scenario occurs, you will be notified by email within 72 hours of our first becoming aware of the breach.

Privacy by design

Know Your Team takes a holistic approach to security and privacy. All sensitive and personal information we keep is encrypted and we never sell user data.

Third Parties

Know Your Team uses third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to provide you with our services. These are also known as processors and sub-processors under GDPR. We only use partners that comply with GDPR, and we have a Data Processing Agreement with every one of them.

To see our list of current vendors and the changes we've made over time, you can check this link.

Questions about GDPR?

Please get in touch and we’ll be happy to answer any questions!