We at OneUp Sales have taken every step we can to be GDPR compliant before the regulations are enforced in May 2018. We've appointed a data protection advisor, and updated our tech stack and feature set to ensure that we're colouring inside the lines. In the process, we carried out an audit of the data we store, as well as various legitimate interests assessments to validate that what we store is done so legally. Any data that didn't make the cut has been deleted, and steps have been taken to ensure that you the end user have complete control over your data. Below is a summary on a number of key points that may be of interest regarding this compliance.
Data Protection Advisor
James Heath, our CTO, is our current data protection advisor. In this role, his primary concern is to ensure that the data we store for the OneUp platform is both legal and correct, and that we only hold that data for as long is applicable to our operational goals. Any questions or concerns should be raised to him by email.
Information Security
Information security is incredibly important in the modern day and age. In the client-facing sections of the platform, we use SSL to ensure the information you send and receive to OneUp is kept just between us. Meanwhile, the servers that power the platform relies on a web of firewalls, security policies, authentication techniques and encryption to ensure everything is kept safely under lock and key.
Privacy Policy
We take your privacy very seriously. Information on the data that we collect, how we store it, and how we use it can be found in our privacy policy.
Third Party Integrations
The vast majority of our clients rely on at least one integration with third party software - typically their choice of CRM and VOIP system. Every single one of these integrations are opt-in, and OneUp is explicitly in control of the flow of data between the two systems. That flow is always "from them, to us" - we never send data from our platform to them, nor call upon elements of a third party API that would cause it to alter or modify the data it holds. These integrations are used to gather, analyse and present performance data about your team, and that data is never used for anything other than operational purposes only.
OneUp uses a third-party customer support platform, which we use to quickly and effectively deal with any queries or issues you may have. For that, we have to provide them with the name and email address of your OneUp account so as to correctly identify you from everyone else.
Retention of Records and How We Use Your Data
OneUp only requests data from your CRM and VOIP systems that are relevant to the KPIs that you wish to track whilst using the platform; for example, if you wish to track just the Sales added to your CRM, we will not retrieve nor store information on your Products or Prospects outside of what is presented in the Sales data. Once this data has been retrieved, we retain it on our systems for as long as it can be used to represent performance data on OneUp.
Some areas of the platform (such as our Data Insights tool) allow you and your users to see the raw CRM and VOIP data that generated the performance values. This functionality is opt-in, and only accessible to those who have the relevant permissions (as set by your appointed OneUp administrators within the access control systems on the platform).
Some members of the OneUp support team may look at the raw data from your CRM and VOIP systems; this is to aid them with diagnosing integration configuration issues that may be causing the numbers on OneUp to fall out of sync with your expectations. Support team access to this data is granted and revoked on a per team member basis, as deemed fit by our CTO and data protection advisor. Each team member with this access has been briefed on the GDPR and the important of data security and data confidentiality.
As for you and your team, we store very little identifiable information. Most identifiable information we have is set by our users, and in the hands of you and your team to verify and update as you please from the relevant user profile pages. Other more technical forms of information (for example, the IP address from which you access the platform) is kept only for the purposes of internal auditing, and only for as long as is necessary for us to successfully deliver the best production experience that we can. For unverified user accounts, please get in touch with our team if you require assistance in viewing and maintaining this information.