General Data Protection Regulation (GDPR)
Find out what we do to ensure EU General Data Protection Regulation compliance.
The General Data Protection Regulation (GDPR) went into effect in the European Union on May 25, 2018. It will expand upon data privacy rights, requiring companies to safely and securely collect and process personal information. Its goal is to improve and protect personal data and information.
Who is affected by the GDPR?
The GDPR applies to all companies with locations in the EU, as well as for all companies who handle and process the personal information of EU citizens. It expands upon the data privacy rights of these persons and applies not only to large companies, but to small and medium-sized businesses as well.
What is MyStudyGenius doing to comply with the GDPR?
Privacy is a top priority at MyStudyGenius. Our vision is to simplify your business day, which of course also means helping you to work in full compliance with the GDPR. This is why we have thoroughly analyzed the requirements of the GDPR, and are continuously re-evaluating all of our processes and procedures accordingly.
Who can access what information?
All of our software applications are configured with data privacy-friendly basic settings. As a MyStudyGenius customer, you’re able to allocate different roles to you and your team depending on what you require: Administrator, Owner, and Member. Administrators possess all rights across the entire company and are able to configure the system. Owners are assigned to a specific location and can manage the system for that entire location. Members on the other hand only have access to services specifically assigned to them and can manage their appointments and customers.
How much of your data can MyStudyGenius access?
Our employees' access to information is based on a need-to-know principle. They are only permitted to access certain data where a justifiable need exists to do so. For example, if a customer contacts our support with a problem, the corresponding employees do have access to his or her information to effectively respond to the support request. In addition, our IT developers are permitted situation-based access to customer information to continually develop and improve our software. We will be re-examining this concept based on the changes produced by the new regulation.
What data and information are collected?
A fundamental principle of the new General Data Protection Regulation is data economy. At MyStudyGenius, we collect data and information only when it is absolutely necessary for the applications of our software. Let’s say you sign up for a free trial. This means we’ll have to store your name and email address to give you access to our software. Any additional information will not be collected.
How is your data encrypted?
We protect all personal data using Transport Layer Security (TLS) encryption. We additionally use HTTPS encryption in our software and on our website. Whenever a data transfer occurs, your data and information are not visible, and protected from third-party access.
Where are data and information stored?
MyStudyGenius’s data and information are hosted on AWS servers in a data center in Frankfurt, Germany. Click on the following to read more about the guidelines regarding the certification of these servers: https://aws.amazon.com/compliance/iso-27001-faqs/ .
Which changes have we made to our software?
Data Processing Agreement
As a MyStudyGenius customer, you can now access and agree to our Data Processing Agreement conveniently in your Company Settings.
Newsletter Opt-in
Every company is now required to get their customers' express consent before sending them promotional emails such as offers or event invitations. To comply with this requirement, we've included a double opt-in process in our software which is available for all users of our Newsletter feature. New customers have the option to subscribe when booking an appointment online. The subscription status is included in each customer profile in the section "Newsletter Subscription" and can also be complemented manually after obtaining the customer's oral consent.
Privacy Policy Update
We updated our Privacy Policy in accordance with the new GDPR.
As a MyStudyGenius customer, you can now access and agree to our Data Processing Agreement conveniently in your Company Settings.
Newsletter Opt-in
Every company is now required to get their customers' express consent before sending them promotional emails such as offers or event invitations. To comply with this requirement, we've included a double opt-in process in our software which is available for all users of our Newsletter feature. New customers have the option to subscribe when booking an appointment online. The subscription status is included in each customer profile in the section "Newsletter Subscription" and can also be complemented manually after obtaining the customer's oral consent.
Privacy Policy Update
We updated our Privacy Policy in accordance with the new GDPR.