Agillic offers this article to current and potential clients to help them stay GDPR compliant. As a data processing company, Agillic wants to ensure that our clients and their customers (i.e. consumers) understand Agillic’s practices in data processing and information privacy, as well as explain the options to access, transfer, restrict, correct, and delete data. The customers own their personal data, and the client manages and processes the data with the help of the Agillic platform. Learn how Agillic facilitates our clients in their GDPR readiness. 

Fundamental Rights

GDPR guarantees consumers basic fundamental rights concerning data privacy. Below we discuss how clients can work with Agillic in order to address consumers’ fundamental rights. 

Right to Access

As the data owners, consumers have the right to access the personal data that is stored or processed about them. The consumers can access their personal data by contacting the client company and requesting access to the data. The client will then export all the consumer-specific data saved for the customer from both the Agillic and client systems.

Right to Have Data Transferred to Another System

If consumers wish to transfer data to another system, they simply need to request the transfer with the client. Based on the data transfer request, Agillic’s client will be able to set up an export flow in Agillic, allowing the consumer’s data to be filtered out after the data export.

Right to Request a Restriction of Data Processing for a Period of Time

Consumers have the right to request a restriction of the processing of their data. To ensure the consumer’s data will not be processed, the company will need to add the consumer to a group with restricted data processing for the given period of time.

Right to Information Correction

Depending on the source of the data, data correction can be done directly in the Agillic platform or on the client’s external systems. The data transfer process and the overwriting principles determine the system where the corrections should be made.

Right to Be Forgotten: Person Data Deletion

It is possible to delete consumer data, not only in Agillic, but also in many of the external systems connected to Agillic (e.g. CRM). This process simply requires the client to delete the user from the Agillic UI or use an API call. The client also will need to remember to delete the user from all external systems.

Please note that deletion will remove the consumer’s data from the current Agillic system, but not from the backups. The consumer data will be fully deleted from all Agillic backups no later than six months after the deletion date.

Right to Object Profiling

In GDPR-terms, profiling is any automated processing of personal data that aims to evaluate certain aspects about a person to analyse, for example, that person’s personal preferences, economic situation or behaviour. In Agillic, this means personalisation. Clients using a lot of personalised communication will need to consider what to do in the future if a consumer objects to profiling.

Right to Object Data Processing

As data processing is defined as “any operation or set of operations which is performed on personal data or on sets of personal data”, objecting data processing would, in Agillic-terms, result in a full opt-out.

Next Steps

Agillic aims to make it easy for our customers to comply with consumers’ requests for data privacy. For further information on Agillic and our GDPR procedures, check out our GDPR article. See also our GDPR checklist on things to consider regarding compliance.