MAY 25th 2018

Since May 25th 2018, the General Data Protection Regulation (GDPR) has been in effect. As you may have already heard, this European legislation gives individuals more rights in relation to their data and places higher requirements on its security. eConnect has been working hard to ensure that all aspects of our services are GDPR compliant. We would like to tell you what measures we have taken and how we have set up the processing of personal data.

Measures taken by eConnect

1. Processor

In most cases, eConnect acts as a processor, for example when we deliver your invoices in your financial software. In this context, we have made our standard processor agreement GDPR-compliant. This processor agreement is part of our General Terms and Conditions.

2. Processor

In some cases, eConnect acts as a data controller, for example if we use your data after you have completed a contact form on our website. For this purpose, we have optimised our privacy and internal information security policies.

3. More rights

As mentioned earlier, as a data subject, you get more rights under the GDPR. This sounds nice, but in many cases you are dependent on your software supplier when you want to invoke these rights. eConnect has made sure that you, as a data subject, decide yourself what data we keep about you on our platform. This makes it easy to invoke the right to inspection, for example, and you always keep control yourself.

4. Incident management

We have implemented, as described in our SLA, a structured incident procedure. This procedure ensures efficient and transparent handling.

5. Risk management

Following a comprehensive risk analysis, from Phishing to the unintentional release of data, we have drafted and implemented internal control measures. Our information security policy (ISO 27001 certified) is therefore accurate, complete and reliable. This way, we avoid unpleasant surprises.

Data processing by eConnect

1. What personal data?

  • Name and address details;
  • Contact details (phone number, email, website);
  • Gender;
  • Financial data;
  • Company identification numbers, such as Chamber of Commerce number, VAT number or IBAN.

2. From whom.

  • Customers;
  • Employees of customers;
  • Potential customers;
  • Employees of potential customers.

3. What do we do with it?

  • Primary service provision, under the agreement you have entered into with eConnect;
  • Sales-related work based on contact requests from potential clients;
  • Providing an online archive for all clients of eConnect.

4. How long do we keep them?

  • Our customers can decide how long their data is stored in the online archive on the eConnect platform. For other personal data, we do not keep them longer than necessary during the performance of our services.