We at OneUp Sales have taken every step we can to be GDPR compliant before the regulations are enforced in May 2018. We've appointed a Data Protection Officer, and updated our tech stack and feature set to ensure that we're colouring inside the lines. In the process, we carried out an audit of the data we store, as well as various legitimate interests assessments to validate that what we store is done so legally. Any data that didn't make the cut has been deleted, and steps have been taken to ensure that you the end user have complete control over your data. Below is a summary on a number of key points that may be of interest regarding this compliance.
Data Protection Officer
James Heath, our CTO, is our current data protection officer. His job (amongst many other things) is to ensure that the data we store for the OneUp platform is both legal and correct, and that we only hold that data for as long is applicable to our operational goals. Any questions or concerns should be raised to him by email.
Information security is incredibly important in the modern day and age. In the front-of-house sections of the platform, we use SSL to ensure the information you send and receive to OneUp is kept just between us. Meanwhile, the back-of-house is relies on a web of firewalls, security policies, authentication techniques and encryption to ensure everything is kept safely under lock and key.
Third Party Integrations
The vast majority of our clients rely on at least one integration with third party software, such as popular CRMs like Bullhorn, Pipedrive or Salesforce. Every single one of these integrations are opt-in, and OneUp is explicitly in control of the flow of data between the two systems. That flow is always "from them, to us" - we never send data from our platform to them. These integrations are used to gather, analyse and present performance data about your team, and that data is never used for anything other than operational purposes only.
The exception to this rule is Intercom's Customer Messaging Platform; we use Intercom within the platform so that we can quickly and effectively deal with any queries or issues you may have, and for that we have to provide them with your name and email address so as to correctly identify you from everyone else.
Retention of Records and How We Use Your Data
The nature of OneUp is to increase the efficiency of your team and raise their KPI's by laying out the cold, hard numbers in front of them - and those same numbers make up the majority of the information that we store. We don't care that John just made a record-breaking £1,000,000 sale to Tom, or that Sally convinced SuperBigCorp. Ltd that Peter was the perfect candidate to hire as their new CFO. To us, that is just +1 sale (and a million in revenue, of course!) for John, or +1 placement for Sally, and therefore that is all the information that we store. And whilst your CRM may have told us about Tom, Peter, and SuperBigCorp. Ltd in the process of telling us just how well you're performing, we will only hold that data for as long as required to verify and validate it - anything surplus is anonymised or discarded as soon as it becomes so. We simply require the numbers behind your KPIs, so as to best aid in monitoring and improving them through our hassle-free target, competition and incentive management features.
As for you and your team, we store very little identifiable information, and is kept only for as long as you use the platform and not a moment longer. Any identifiable information we have is in the hands of the end user to verify and update as they please from their profile settings page. For unverified user accounts, please get in touch with our team if you require assistance in viewing and maintaining this information.
In summary, we only use your identifiable data to help you and your team navigate the platform, and to associate your day-to-day performance data against your account. We only care about the numbers; the details of how those numbers came to be don't matter to us, and will only be stored as long as required to process them. Finally, we only use your team's performance data to make managing targets and contests easy - we won't share or sell that information to anyone nor make it viewable to anyone unless you specifically asked us to do so.