SALESmanago - platform compliant with the GDPR

The controller of the data displayed in a user's account is the account holder. Thus, in any case, it is the customer who has entered into a license agreement for the use of the Platform.

The default scope of data processed in the Platform is: name, email address, phone number, Contact ID, IP number, online behavioral data of data subjects. The above scope of personal data applies to the following categories of persons: users of the controller's websites who are customers or potential customers of the controller.

It is also possible to process a different scope of personal data - in this case, the intention to process a wider scope of data should be notified at the moment of signing a contract or during its execution to dpo@salesmanago.com.

The safeguards of the SALESmanago Platform have been matched on the basis of the risk analysis performed. The following safeguards can be mentioned as examples:

• general security policy for personal data and IT systems,
• a business continuity procedure (BCP)
• server infrastructure that guarantees 24/7 business continuity
• procedure for reporting emergency and potential emergency situations
• Disaster Recovery Plan (DRP),
• designated Data Protection Officer and IT Security team,
• personal data processing authorizations issued,
• training on personal data protection,
• personal data confidentiality statements,
• restricting access to the personal data processing area (physical processing sites) through, in particular, the use of access cards and access codes, locked cabinets and rooms, video monitoring (in terms of the Data Center and monitoring used by the administrator of the office where Benhauer is headquartered), an alarm system (in terms of the Data Center), the use of a security company, and restricting access to IT systems where personal data is processed and networks (use of login and passwords,
• separation of networks for third parties,
• use of automatic screen blanking and locking,
• procedure for verifying service providers for compliance with the provisions of the GDPR and the use of adequate security measures,
• use of cryptographic data protection measures,
• strong password policy,
• internal network protected by firewall software,
• antivirus software,
• logical and physical separation of data.

Not in every case personal data is processed on the basis of the user's consent. Personal data may be processed on other legal basis, such as the performance of a contract concluded with the data subject or the legitimate interest of the controller. In such cases, obtaining user consent is not required.

In accordance with the provisions of the GDPR, the purposes and legal basis for processing personal data are determined by the controller of such data.

The provisions of the GDPR apply to personal data contained in the SALESmanago Platform. This means that this data should be given the same protection as data that is not processed in the Platform. There are no additional obligations on the controller to manage personal data, however It is the responsibility of the data controller to ensure that processing complies with the GDPR regulations.

Yes, the SALESmanago Platform provides for the possibility of processing sensitive data, such as health information. However, the intention to collect sensitive data must be reported at the moment of signing the contract or during its execution to dpo@salesmanago.com.

The consent of the data subject is one of several legal bases for processing personal data. Data can also be processed on the basis of a concluded contract or on the basis of a legitimate interest of the controller. Thus, it is possible to use contact databases without consents, e.g. when the database contains the data of customers of an online store - the data of such persons can be used to conduct abandoned shopping cart campaigns.

Yes, the personal data of individual controllers are separated from each other logically or logically and physically (if you use a private server service).

Using the Platform, as a rule, does not require making changes to the terms of service. However, due to the fact that the Platform obtains data about users through cookies installed on their devices, it is necessary to obtain consent for the use of these files and include relevant information in the so-called cookie banner, which is displayed on the customer's page when the page is first displayed. The content of the banner and the method of obtaining consent is an individual matter for the customer, and may depend in particular on the business profile, the regulatory environment under which the customer is subject, and may depend on the tools used by the customer (e.g., the cookie consent manager).

Regardless of the above, as a platform provider we are the recipient of the client's website user data, so this fact should be indicated in the information clause.

Yes, we have appointed a data protection officer. You can contact him by email (dpo@salesmanago.com).

Yes, concluding a data processing agreement (DPA) is mandatory. The agreement is concluded by accepting the Main Services Agreement (MSA). The agreement is attached to the MSA and is available here.

According to the PDPA, data controllers may import and secure personal data processed in the SALESmanago Platform within 7 days of termination of the agreement. Within 14 days of termination of the contract, the data processed on the Platform is permanently and completely deleted.

In order to use the platform, the following personal data are entrusted: name and surname, e-mail address, telephone number, Contact ID, IP number, online behavioural data of data subjects. If there is a need, due to the profile of your business, to entrust a wider range of data, you can notify us of this fact when you sign the contract.