Arteel cloud platform commitments to the GDPR

Posted on 23.02.2018

You can count on the fact that Arteel is committed to General Data Protection Regulation (GDPR) compliance across all Arteel cloud platforms. We are also committed to helping our customers with their GDPR compliance in relation to the use of our cloud platforms by providing the necessary contract addenda before the GDPR comes into force on 25 May 2018.

This FAQ highlights some crucial elements of Arteel's GDPR compliance.

1. Is Arteel a Data Controller or a Data Processor?
Arteel acts as Data Processor on behalf of our SaaS platform clients, who are the Data Controllers.

2. What type of personal data do you process?
The personal data processed across our cloud platform varies from program to program, but it may concern (a subset of) the following categories of data: name, address, email address, telephone number, time zone, birth date, hire date, identity of your manager, job title, unit you work in, the location you work at, your employee identification number, system access/usage/authorization data and, to the extent applicable, legal entity information.

3. How do you use the personal data of our employees or clients?
Arteel only processes personal data in accordance with the following restricted purposes: (a) to promote the use of our Platform and send users related messages, (b) to report on all aspects of Platform usage, (c) to fulfil orders placed on the Platform, (d) to provide support to users, (e) to enforce compliance with our terms of use and applicable law, (f) to protect the rights and safety of our users and third parties as well as our own, (g) to meet legal, accounting or security requirements, (h) to respond to lawful requests by public authorities, (i) to prosecute and defend a court, arbitration, or similar legal proceeding, (j) to improve the services we offer.

4. How do you obtain the personal data you process?
We assume you obtained the prior specific permission for all data that you provide to us and that we might use to provision user accounts. For all personal data Arteel obtains directly from your employees or clients, we obtain specific prior permission - in full compliance with the provisions of article 13 of the GDPR - after informing the users of our privacy policy and terms of use.

5. Where is the personal data stored?
All personal data is kept by Arteel within the European Economic Area and is never exported outside this area.

6. Who has access to personal data?
Only Arteel staff who have a legitimate need to access personal data can view these data. All access to personal data is subject to individual user, role-based authentication. For shipments of catalogue items, Arteel will provide the relevant fulfilment partner with the user's - or the recipient's - name, address, email and phone number. These fulfilment partners are already fully GDPR compliant or have committed themselves to be so by 25 May 2018.

7. Will you notify us of requests from users that exercise their privacy rights?
Arteel will not respond to such requests except on your documented instructions or as required by Applicable Laws to which Arteel is subject. If Arteel is legally bound to respond to such requests, we will - to the extent permitted - inform you of that legal requirement before we respond to the request.

8. What happens in case of a personal data breach?
We will notify you without undue delay upon becoming aware of a personal data breach, and we will provide you with sufficient information to allow us both to meet any obligations to report or inform users of the breach.

9. What if a user requests access, rectification or erasure of data?
Arteel will examine all such requests and, if this proves necessary in accordance with the GDPR, give an appropriate follow-up. We will notify you immediately.

10. How can a user contact Arteel to exercise their rights?
Any employee or contingent worker of any Arteel client may contact us to verify what personal information we maintain about them and update or correct any of it. They can contact us by regular mail at our company headquarters, by email or by phone.

11. When will you delete the personal data?
We will promptly, and in any event within 10 years of the date of cessation of any services involving the processing of personal data, delete all copies of those personal data. If you require us to return or delete personal data within this 10-year period, we will - to the extent permitted by law - return a copy of all personal data by secure file transfer and delete all other copies of these data processed by us.

12. Can we check your compliance with the GDPR?
Yes, you have the right to check compliance at any time. Arteel will, at your simple request, provide all information necessary to demonstrate compliance with the obligations laid down and accept audits, including inspections, by you or an auditor authorized by you. All control costs are borne in full by you.

13. Do you use cookies on your platforms?
We may use session or persistent cookies on our cloud platforms in order to provide users with the best possible user experience. If users choose to set their browser to not accept cookies, they can still use the platform - although this may impair some functionality.

14. Do you use advertising technology?
Arteel does not track your personal information across third party web sites or online services. We also do not authorize or enable any third party to collect information from users through any advertising technology.

15. How do you deal with security?
Arteel is committed to taking reasonable steps to ensure the security of personal information. To prevent unauthorised access, maintain data accuracy and ensure the appropriate use of information, we have put in place appropriate procedures to safeguard and secure the information we collect online.