Our Commitment to You
At CXcherry, we have a duty, both ethically and professionally, to ensure that the information entrusted to us adheres to the level of confidentiality, privacy, accuracy, and availability expected from us. As required by GDPR, the personal information that we are provided with will be protected against unauthorized disclosure, be easily maintainable to ensure accuracy, and attributable.
While GDPR focuses mainly on standardizing data privacy in EU countries, it also affects all organizations that have access to personal information of EU citizens, regardless of where the organization itself is located. As such, you’ll find how we are GDPR compliant as below.
Our Security Infrastructure
Being a cloud-based SaaS company, ensuring that our customers’ data is protected is one of our primary focus. Our infrastructure runs on Amazon AWS servers and AWS S3 storage, whose industry-leading services are heavily certified for both privacy and security. Further to this, CXcherry will continually strive to maintain our security protocols and ensure that all aspects are up to date.
CXcherry Customers’ Enhanced Rights as Data Subjects
CXcherry values our customers’ rights as data subjects. Regardless of location or nationality, we are committed to the support of the new rights of all our customers as under the GDPR.
The Right to be Forgotten: You can cancel your CXcherry platform subscription at any time and your data will be retained for 90 days, as per the Terms of Service, upon which all information will be permanently deleted. If a user wishes to be immediately removed from the records, all CXcherry platform Administrators can instantly delete a user and all their information. Additionally, if a platform Administrator requires an immediate deletion of their platform, they can let us know at firstname.lastname@example.org , and the platform, along with all its information, will be deleted as soon as possible.
The Right to Object: If you don’t want to receive email notifications from your CXcherry platform, you are able to remove your email address from your profile. Administrators can disable email notifications for any user on their platform, if so requested. All marketing and update emails sent directly from CXcherry will also contain an unsubscribe link in the footer, allowing recipients to opt out of future emails.
The Right of Rectification: Administrators can allow users to edit their own profiles to fix incorrect information, and they can also make the edits themselves. You can also directly contact us if you require assistance with accessing, amending, correcting, or deleting any information that we have about you if a platform administrator is unable to assist you.
The Right of Data Portability: If you require a copy of data, you can use any one of our multiple reporting options to export the data you need. We are also able to export your information to a third-party upon an administrator’s request, which should be sent to email@example.com .
Data Portability Solutions and Data Management Tools
We are aware that our customers require help from us to be fully compliant with GDPR. Below, we’ve listed how we support GDPR compliance.
The Right to be Forgotten: All Administrators can permanently delete users and all their associated information, both individually and in bulk. Additionally, if the administrators are not responding to deletion requests, the request can be sent to firstname.lastname@example.org and we will be happy to do the deletion on our end.
The Right to Object: For users that do not wish to receive emails from their CXcherry platform, they can remove Email Address (if added) from their profile. Additionally, Administrators can also turn emails off for users.
The Right to Rectification: Administrators have full access to change and update a user’s information to ensure that it is correct. Users can also update their own profiles, and if editing profiles has been disabled by administrators, the user can contact an administrator or CXcherry directly to access or update their information.
The Right to Access: Administrators can collect different information from their users using the Additional Fields feature. All information that is collected will also be visible in the user’s profile. If a user requires assistance with information in their profile and are not able to have their issue resolved by a platform administrator, they can contact us directly at email@example.com for assistance. While the GDPR mandates a maximum wait time of 30 days, we will be able to provide the information much quicker in most cases.
The Right of Data Portability: Our reporting tools allow Administrators to export data and information. These can be previewed online or saved as an XLSX or CSV file for record-keeping.
Consent: CXcherry has Terms & Conditions feature for acquiring consent. Administrators can opt to use a Terms and Conditions message that requires accepting before the user is given access to the platform.
Amazon Web Services (AWS) - https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready
Google - https://privacy.google.com/businesses/compliance
Stripe - https://stripe.com/en-in/guides/general-data-protection-regulation
Vimeo - https://vimeo.com/privacy
Tiny Technologies Inc. - https://about.tiny.cloud/legal/privacy
Sendinblue - https://www.sendinblue.com/gdpr
Freshdesk - https://freshdesk.com/gdpr
If you have any questions about GDPR and how it affects CXcherry and its services, you can email us at firstname.lastname@example.org .