We are all well aware of the fact that technology each day is changing drastically but the privacy regulations currently in place are still stuck with no or minimal changes which may affect users data to some extent and in turn affect your organizations. At canUmeet we give utmost importance to both customers privacy and trust because nothing is more important to us than the privacy and trust of our users data. To ensure data privacy, the European Union has now taken a crucial step to protect the rudimentary privacy rights for each and every EU inhabitants with the General Data Protection Rights i.e. GDPR which is coming into effect starting May 25th 2018.
General Data Protection Right, in short GDPR is an initiative by the EU that focuses on businesses or the organization ranging from small sized startups to multinational companies, to protect personal data and privacy for EU residents. It also states that any organizations collecting EU data if is non compliance of these EU regulations, could cost companies dearly. It is now mandatory for all the companies dealing with European citizens data to comply with the stringent rules of data protection by May 25th 2018. Putting these into a more digestible form, citizens of Europe will now have a firm grip and understanding of when and where their personal information is being used and processed.
Protecting users information and their privacy regardless of their regions, is extremely important to us. canUmeet is a cloud-based company for appointment scheduling which contains customers most valuable data and we have made sure to set high standards for security and privacy. canUmeet is currently deployed, hosted and scaled on Amazon Web Services (AWS) platform that is fully equipped with all time on-site physical security that makes sure to protect unauthorized entry. This platform is in compliance with the EU-U.S Amazon EU-U.S Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission. We exceed all industry standards to make sure your account and your data is protected using multiple layers of encryption. We encrypt any information shared over public networks with an SSL connection to ensure all of your booking links are safe from unfriendly hackers.
One of the most important motive of GDPR is that to let users know what data are we actually collecting from them whenever they sign up to canUmeet or connect to any of the integrations that we provide. When it comes to handling user data, we take it very seriously and take into considerations all measures to avoid data breaches. To provide transparency, we have listed down each and every data that we collect from users. Please note that canUmeet never uses any of these data for marketing purpose and these data remains confidential throughout.
When user permits canUmeet to access the calendar, only a copy of events created from canUmeet are stored in its database. Calendar events that are created outside canUmeet are not stored. When user enables calendar conflict checking, canUmeet only checks for availability of a specified slot in the calendar.
canUmeet collects users social websites link for Facebook, Google Plus, Linkedin and Twitter if and only if registered users provide these details to be visible on canUmeet public page under Account Settings.
Typically Name and Email address of the user is recorded at canUmeet to notify the Event creator for a booking request. However, there could be additional information that an event owner requires from the booker before scheduling an appointment, to facilitate this canUmeet allows the event owner to customize the booking form with additional input fields such as plain text, number, phone number, drop down list etc. Data collected at booking form are only shared with the event owner and canUmeet does not use any of these information for marketing purpose.
canUmeet being a cloud based scheduling service provider, we have stored all our customers data on a dedicated and fully managed cloud database mLab. mLab is the leading Database-as-a-Service provider for MongoDB whose services runs on leading cloud providers Amazon, Google and Microsoft Azure. All our deployments are using Salted Challenge Response Authentication Mechanism or SCRAM as authentication mechanism. This service also provide dedicated Data Disk and Backup Encryption. For an in-depth information on mLab security, please refer to the security section of mLab here.
Our cloud based application canUmeet, is currently being used by number of users residing over all the regions available where we are currently blending our functionalities and policies to be GDPR compliant before EU regulations comes into operation. At canUmeet, it is our commitment to provide customers with the scheduling product they deserve. Our team is internally working hard to provide the best scheduling services for our customers in order to run with the pace that we have maintained. Below are some of the changes that we have introduced into canUmeet for ourselves and our customers to meet up GDPR obligations.
To start with, canUmeet basic work flow is event Creation->Sharing->Booking
If they don’t opt in, the recipient party will not be receiving emails for the status changes. Users from all the regions will now have to provide consent to canUmeet to send emails for above mentioned points.
Team canUmeet totally understands that meeting the GDPR policies will take time but we are trying our level best to streamline our process and make sure that none of the users from any of the regions along with us will face troubles related to GDPR compliance.
Please feel free to drop us an email at email@example.com in case you have any queries on our GDPR compliant plans. We would love to clear each of them.