The GDPR at Brand Embassy

Brand Embassy product readiness

The “General Data Protection Regulation,” or GDPR, is a new comprehensive data protection law in the EU (including the UK post-Brexit) which comes into effect on May 25, 2018. The GDPR updates existing EU privacy laws in order to strengthen them in light of rapid technological developments and more complex international flows of personal data, and to give EU citizens better control over their personal data in the digital world. With a single set of rules, the GDPR regulates and unifies across the EU how organizations can collect, store, process and transfer the personal data of EU individuals.

Because Brand Embassy has had operations in the EU for years, we are familiar with these types of data privacy rules on various levels. Brand Embassy sees the GDPR as an opportunity to deepen our commitment to data protection and to build a stronger data protection system for the benefit of all. As an SaaS (software as a service) provider, we already have robust security measures in place meeting high-level standards in the industry with enterprise-level security features.

Between now and May 25th (and beyond), we are fully committed to enhancing the Brand Embassy platform to enable easier compliance with the GDPR.

We are also dedicated to helping our customers comply with the GDPR. We are working to make enhancements to our products, contracts, and documentation to help support our customers’ compliance with the GDPR.

Highlights related to the GDPR compliance program at Brand Embassy:

  1. Data security is our top priority and we have robust security measures in place to meet high-level standards in the industry. We combine enterprise-level security features with comprehensive processes, procedures, and audits of our applications, systems and networks to ensure that your and your customers’ data is always protected. Brand Embassy stores data in AWS SOC 2-certified data centers.
  2. We already offer a number of state-of-the-art data protection measures, including masking payment cards (PCI), masking for chat transcripts, encryption when data is being transited, and optional encryption for data at rest.
  3. We have audited our processes, architecture and workflows in depth. Data Protection Impact Assessments has been performed, impact has been mapped, and our security measures have been updated and aligned. We have also updated our security infrastructure as needed in order to achieve compliance under the GDPR.
  4. Brand Embassy has implemented processes and tools to help you manage requests from data subjects including the deletion of personal data (“the right to be forgotten”), access to personal data, modification (rectification), and portability.
  5. For every new feature, product and enhancement, we are already applying data protection mechanisms and procedures to our design principles.
  6. We’ve made a new data processing addendum (available here https://www.brandembassy.com/legal/data-processing-addendum), which reflects the standards of the GDPR.

What personal data does Brand Embassy process, for what purpose and based on what legal perspective?

Brand Embassy processes personal data based on the Service Agreement with a Controller and upon instructions from the Controller. Brand Embassy is a Processor.

Brand Embassy collects the following personal data with related purposes:

Area Personal Data Purpose
The Brand Embassy Platform Personal Data collected may include:

Agent/Username: name, email address, login, IP address, device fingerprint, phone number, SMS verification account, photo/avatar, social identity, notes, comments, drafts, messages or communication, custom fields, tags, audit events, attachments, and bans, inserted into the Platform. The Platform may also process the times of activities made in the Platform to analyze efficiency.

Client: company name, billing address.
In connection with providing the Service, enabling the Client and the Client's employees to interface with the Brand Embassy Platform and enabling access of the application, performing the tasks and providing customer service through the Brand Embassy Platform, while increasing efficiency and customer experience.
Social Media and Messaging Platforms, In-app messaging and SMS Personal Data collected may include (differs per source):

End-User: name, photo, email address, social media or messaging identifier, messages, posts, notes, attachments, IP addresses, social interactions, device fingerprint, location, phone number.
Enabling our Clients to provide accurate, efficient and personal customer service to their customers with great customer experience. Some information may also be used to verify the customer.
Brand Embassy Chat Personal Data collected may include:

End-User: name, photo, email address, social media or messaging identifier, messages, posts, notes, attachments, IP addresses, social interactions, device fingerprint, location, browsed pages, cookies.
Enabling our Clients to provide accurate, efficient and personal customer service to their customers with great customer experience. Some information may also be used to verify the customer.
E-mail End-User: name, email address, email subject, email content, email recipients, IP addresses, device fingerprint. Enabling our Clients to provide accurate, efficient and personal customer service to their customers with great customer experience. Some information may also be used to verify the customer.
Community Forums Personal Data collected may include:

End-User: name, photo, email, post, comments, notes, attachments.
Enabling our Clients to provide accurate, efficient and personal customer service to their customers with great customer experience. Some information may also be used to verify the customer.
Keyword-based Monitoring Personal Data collected may include:

End-User: name, email, public post / comment.
Enabling our Clients to provide accurate, efficient and personal customer service to their customers with great customer experience. Some information may also be used to verify the customer.
Custom Channels Personal Data collected may include:

End-User: name, photo, email, post, comment, notes, attachments.
Enabling our Clients to provide accurate, efficient and personal customer service to their customers with great customer experience. Some information may also be used to verify the customer.

Brand Embassy also uses certain sub-processors (including members of the BE Group and third parties), sub-contractors and content delivery networks to enable us to provide Brand Embassy Services. See more here: https://www.brandembassy.com/legal/subprocessors. You can also view our privacy policy here: https://www.brandembassy.com/privacy-policy.