What is GDPR?

The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU law to strengthen the protection of “personal data” and the rights of the individual. It's a single set of rules which governs the processing and monitoring of EU data.

Does it affect me?

Yes, most likely. If you hold or process the data of any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.

How Vetter prepared for GDPR

Vetter welcomes the GDPR as an important step forward to enhance data protection across the EU and the globe and as an opportunity for us to strengthen our commitment to data protection. As such we have undertaken the following:

  • A Data Protection Officer has been appointed.
  • We have analysed what personal data we process and confirmed our lawful basis for processing.
  • We have completed a full analysis of our data security practices and procedures.
  • We have updated our Data Protection Agreement.
  • Our Privacy Policy has been updated.
  • Our Terms of Use has been updated.
  • Procedures around data subject rights have been implemented.
  • Our data breach response procedure has been improved.
  • We have implemented increased data restriction controls, logging and monitoring.
  • We are communicating with our customers about the GDPR and the updates to our relationship with them.

What personal data does Vetter collect?

Vetter collects users’ full names. Vetter also collects users’ work-email addresses in order to send notifications about events that have happened in the software, along with ‘reset password’ emails. We never send marketing emails to our users.

Storing of Personal Data

The Data and information Vetter requires to operate is exclusively maintained under Digital format on IT Systems.

Vetter stores all Personal Data either on AWS Europe or AWS East Coast USA resources while using some external 3rd party tools to enable parts of the Service, namely:

  • AWS – Hosting;
  • Sendgrid - notification emails
  • Segment - data transfer to Intercom
  • Intercom – Messaging and user support; (this can be switched off for specific accounts)
  • FullStory - usage analysis tool. (this can be switched off for specific accounts)

For what purposes do we process your data?

Personal Data is exclusively processed by Vetter to enable access to its resources by registered users.

General Retention Criteria.

Vetter will maintain Personal Data pertaining to its Corporate Clients’ Users for the duration of the Services

Third party vendors

All of the third party vendors that handle any data in Vetter comply with GDPR. Certain Vendors are located outside the EU but are GDPR-compliant. Contact us for a list of those vendors.

The Principle of Data Minimization.

Vetter takes every reasonable step to ensure that Personal Data under its direct Processing activities (as the Controller) is limited to the amount and type that is necessary to deliver its Services towards its Users and Corporate Clients as it has been agreed by those, either via Consent or a Contract, for any longer than required under the scope of agreed services.

No Automated Decision Making.

Vetter does not undergo any type of Automated Personal Data Processing activities or Decision Making, mainly (yet not exclusively) that may lead to Data Subject “Profiling” activities.

What does this mean for our Relationship?

When we provide software and services to an enterprise, we’re acting as a ‘data processor’ for the personal data you ask us to process and store as part of providing the services to you. As a data processor, we only process personal data on your company’s authority and instructions.

As the ‘data controller’, you will determine the personal data we process and store on your behalf.

We understand that compliance with the GDPR requires a partnership between Vetter and our customers in their use of our services and we look forward to working with you on this important new regulation.

What are your responsibilities as a data ‘Controller’?

You will typically act as the data controller for any personal data you collect in connection with your business. The data controller determines the purposes and means of processing personal data, when you choose which one of our services you use you are deciding the purpose (what to do) and means (who you get to do it, ie. Vetter).

Data controllers are responsible for implementing appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation and accuracy, as well as fulfilling data subjects’ rights with respect to their data.

If you are a data controller, you may find guidance related to your responsibilities under GDPR by regularly checking the website of your national or lead data protection authority under the GDPR (as applicable) or going to https://www.eugdpr.org/.

You should also seek advice from a GDPR consultant relating to your status and obligations under the GDPR, as only a qualified specialist can provide advice specifically tailored to your situation. Please bear in mind that nothing on this website is intended to provide you with, or should be used as a substitute for, legal advice.

Rights of Data Subjects

Those Data subjects who are individual Customers may exercise their Rights directly towards Vetter, however, those who are staff members from Vetter’s business customers must address those companies to exercise their rights towards Vetter.

Under the GDPR, the Data Subject has the following set of established rights:

  • Right of access.
  • Right to rectification
  • Right to erasure
  • The right to restrict processing.
  • The right to object to processing.
  • Right to data portability
  • Right to be informed about a Personal Data Breach
  • Right to complain with a supervisory authority

Submitting a Data Subject Request/ Complaint.

Under the scope of Personal Data Protection, the Data Subjects may address Vetter via:

A written request, accompanied by all necessary information, to the following address: Bloomswood, 93 English Row, Celbridge, Co. Kildare, Ireland
Email: Emails should be sent to support at getvetter.com

Personal Data Processing and Security

Vetter has its “IT infrastructure” configured and monitored under the strictest Security market standards and it has reviewed and adopted changes to its operational processes in a manner that ensures compliance with the requirements posed under “GDPR” towards “Personal Data” Protection. This means to assure its Confidentiality and Privacy while under “Personal Data Processing Activities” performed by itself and its “Partners” within the scope of Vetter’s software services.

Organizations around the world gathering and implementing Ideas, week after week....

clientslogo

"We wanted an online suggestion box that's easy to run and Vetter fits the bill"

Heather Saunders; ECITB Product Dev. Platform Manager

Book a Demo