On this page, you can find our general terms & conditions. In order to ensure that both we and our customers are properly equipped to meet the demands of the latest EU personal data regulation (GDPR), we have integrated these demands into our general terms & conditions. In cooperation with our legal advisors, we have also created a data processor agreement that likewise meets the demands of the GDPR.
This page also includes an FAQ on GDPR, where we answer the most frequently asked questions that we receive on the subject of the treatment of personal data. Finally, the page is rounded off with our extensive GDPR guide. This guide explains what GDPR means for your business and how you may expediently ensure that you are compliant with the GDPR.
Please do not hesitate to contact us if you have any questions related to our terms & conditions or the GDPR.
webCRM Terms & Conditions:
webCRM Data Processor Agreement:
How does webCRM ensure that our mutual agreement complies with the GDPR?
In cooperation with our legal advisors, we have developed a GDPR-compliant data processor agreement. This agreement has the specific purpose of ensuring that both we and our customers operate on a basis of complete GDPR compliance. You may find the data processor agreement here.
Practically speaking, how does webCRM ensure that we have the right data processor agreement between us?
webCRM is standard software distributed to thousands of customers in many different countries. In order to ensure that all customers are given the same rights, we have chosen to follow the industry standard and integrate the rights of the GDPR with our general business terms & conditions. In doing so, we (like Microsoft and others) have established a "Trust Center" on our webpage, where we've gathered all the GDPR information that is relevant for you as our customer.
When does the GDPR enter into force?
The GDPR was approved and signed by the European Parliament in April 2016. The Regulation will enter into force after a two-year transition period and, unlike a Directive, the GDPR does not require approval by the national legislatures. This ensures that the GDPR will enter into force in May 2018 across the EU.
Who will be affected by the GDPR?
The GDPR does not only apply to organisations operating within the EU. Organisations outside the EU are also required to comply with the GDPR if they offer goods or services to EU citizens. It applies to all companies that process and store personal data on citizens residing in the EU, regardless of the location of the company.
What are the penalties for non-compliance?
Companies can be fined up to 4% of their annual global turnover, or € 20 million, for breaches of the GDPR – whichever amount is the greater. This is the maximum fine that can be imposed for the most serious offenses, such as where a company does not have sufficient customer consent to process data. There is a ‘layered approach’ to fines here: for example, a company may be fined 2% of its annual turnover for not having its records in order (Article 28), without informing the supervisory authority and the data subject of these omissions. It is important to note that these rules apply to both ‘data controllers’ and ‘data processors’. This means that cloud companies are not exempt from GDPR enforcement.
What defines personal data?
Any information related to an individual or ‘data subject’ which can be used to directly or indirectly identify that person. This may be anything from a name, a photo, an email address or bank details to posts on social media, medical information or a computer’s IP address.
What defines sensitive personal data?
Information on the religious, political and/or sexual preferences of a person, health-related information as well as information on race, affiliation with unions etc.
Are names sensitive personal data in and of themselves?
A name is not sensitive personal data when viewed in isolation from other pieces of information. However, if a name leads to the identification of a person in a sensitive context (in combination with other data), e.g. if a person is participating in a health-related examination, then the name is considered sensitive personal data and is to be treated as such in accordance with the directives of the GDPR.
On May 25, 2018, the new EU personal data act enters into force. The law, which applies across the entire EU, is officially known as the General Data Protection Regulation (GDPR).
The purpose of the new legislation is to provide EU citizens with greater control of their personal data. This is ensured through a series of legal measures which increase the demands related to the handling of personal data by companies.
We have written a guide which helps you understand the GDPR and what you need to do in order to meet the demands of this new legislation.