Beginning May 25, 2018, the European Union (EU) is enforcing a new regulation adopted by the European Parliament in April 2016 known as the General Data Protection Regulation (GDPR). GDPR standardizes data privacy laws across Europe, expands the definition of “personal data,” and serves as an update to the outdated EU Data Protection Act.
To protect the data privacy of individuals in the EU, the GDPR mandates that all organizations controlling, holding, and/or processing personal data of people in the EU must:
Clarify and/or update privacy policies and contractual documents to ensure transparency with regard to personal data collection, transmission, storage, and removal.
Implement transparent and easy-to-understand consent mechanisms to ensure clients are aware of what their consent means, as well as provide a simple process to request data removal and/or withdraw consent.
Update data-breach notification policies in line with GDPR guidelines in the event of a data breach.
As a US company with clients in the US, EU, and beyond, Smith.ai is committed to complying with GDPR by May 25, 2018. Below is an overview of the steps we are taking to that end. For any questions not addressed below, please contact us.
What steps is Smith.ai taking to comply with GDPR?
Smith.ai has always taken data security and privacy rights seriously, and the Smith.ai team has already instituted many data protections, which are (non-exhaustively) enumerated in our Terms and Conditions, and which include:
Smith.ai deploys its infrastructure on AWS, which also complies with GDPR: https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/
Smith.ai encrypts data with Secure Sockets Layer (SSL) technology.
Smith.ai receptionists are trained to follow strict confidentiality measures and are required to sign a Non-Disclosure Agreement.
Smith.ai receptionists will not ask any caller for information that is not specifically requested by the business for whom the call is being handled.
Smith.ai anonymizes visitors to its website.
Smith.ai’s Terms and Conditions also acknowledge its role as a data processor for businesses and individuals (“Subscribers”). Smith.ai will continue to fulfill that role, providing virtual receptionist and business communications services to assist Subscribers in meeting their responsibilities as data controllers.
To further address GDPR compliance for our EU clients, Smith.ai, in its role as a “data processor,” is also:
Mapping an overview of our systems to document the use of personal data.
Introducing updated Terms and Conditions that reflect our GDPR obligations.
Reviewing and/or revising our client and/or vendor agreements.
Making changes to our platform (including, but not limited to, the Smith.ai website and Smith.ai software) that enable us to support GDPR's provision of enhanced data rights to individuals in the EU.
How does GDPR define “personal data”?
“Personal data” is defined as any information related to a natural person (“data subject”) that can be used to directly or indirectly identify the person. It can be “a name, an identification number, location data, an online identifier” (such as an email address), or a reference to “one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
What personal data does Smith.ai collect from its users?
When you fill out a form to sign up for a Smith.ai service, or proactively provide us with other personal information, we collect that information. For example, to sign up for a free trial of Smith.ai’s virtual receptionist service, we ask only for a name, phone number, and email address. In other circumstances, we may ask you to provide other information, which may include your postal address.
In addition, the device you use to browse the Smith.ai website or use Smith.ai’s services automatically provides information to us so we can respond and customize our response to you. This generally includes technical information about your computer, such as your IP address or other device identifier, the type of device you use, and operating system. It may also include usage information and information associated with, or provided during, your interaction with Smith.ai. For example, if you engage with an agent on our website via our “chat” application, you may disclose personal data such as your location and occupation.
What does Smith.ai do to keep its clients’ and users’ personal information safe?
Data protection is deeply ingrained in our business. We are regularly enhancing and evolving our security platforms, procedures, and methods to better protect our users' information and anonymity.
Who should I contact if I have further questions about Smith.ai’s GDPR compliance?
Please contact us at firstname.lastname@example.org.
Where can I learn more about GDPR?
We encourage you to explore the following resources: