Kabuto and GDPR Compliance

The General Data Protection Regulation ("GDPR") will be enforced starting May 25, 2018, and we are committed to being compliant and providing our clients with the tools they need to also be compliant.

There are two aspects of GDPR that we feel are important to cover with you. The first is our responsibility to you, and the second is your responsibility to your clients.

  1. GDPR: Kabuto and Your Business
  2. GDPR: Your Business and Your Customers

GDPR: Kabuto and Your Business

GDPR can be broken down into some primary categories:

  1. Specific and Unbundled Consent
  2. Data Portability
  3. Right to Erasure (aka Right to be Forgotten)
  4. Breach Notification Policy
  5. Supporting Documentation

Specific and Unbundled Consent

We are careful to respect your choice about whether or not to receive marketing from us. If you feel you are receiving marketing communication that you did not consent to, please contact us so we can address it immediately. There is a link at the top right of this page - "Request Help".

Data Portability

We make it easy to download a portable copy of your data. Just head over to your Kabuto Online Dashboard > Settings page, and click the "Export Data to Email" button. This will send you a copy of your data via email.


Right to Erasure

We accommodate your right to erasure via a support ticket. Please contact us and we will take care of it! There is a link at the top right of this page - "Request Help".

Breach Notification Policy

Our policy is that we will notify you within 72 hours of discovering a breach.

Subprocessors and Subcontractors

What is a Subprocessor? A subprocessor is a third-party data processor engaged by RepairTech that has, or potentially will have, access to or process Service Data (which may contain Personal Data). RepairTech engages different types of subprocessors to perform various functions as explained below. RepairTech refers to third parties that do not have access to or process Service Data, but who are otherwise used to provide the Services, as "subcontractors" and not subprocessors.

RepairTech only stores your data with the Privacy Shield covered entities below. See links for reference.

Subprocessors

GDPR: Your Business and Your Customers

If you want to market to your customers via Kabuto, you need to ask them to opt in to that separately (an unbundled request, not tied to any other consent). You should do this before installing Kabuto on any of their Devices.

Data Portability

We make it easy to download a portable copy of your data via the Settings page on your Kabuto Online Dashboard. If a client requests data from you, you can edit that portable copy (it's a spreadsheet) and send the rows that apply to that specific client.

Right to Erasure

A person should be able to request their personal information be erased from your systems. You should know exactly where it's being stored and be able to comply with their request. There are some big exceptions to this rule for what the language calls "future legal defense" and also "where deleting the data would conflict with any other legislation." More on this later.

You should read up on this requirement of GDPR to see if and when you actually need to process an erasure. There may be reasons you would choose to decline, but if you do want to process an erasure for a client, we give you these tools.

First, you can go to each Device they have and "Deactivate" and "Uninstall" the agent:

In addition to that, you're also able to delete a Customer:

Breach Notification Policy

You are required to report a breach within no more than 72 hours of discovering it, except where the notification could result in a risk to the rights or freedoms of others. There are requirements for what that notification must include, and you can easily write something up based on the legislation text found here.

We don't provide a tool for this, but if Kabuto is breached you can be sure we will report to you per the GDPR rules. We can't offer specific legal advice here, but you may want to have a policy ready that says how you will respond to a breach. We feel it's a little unclear if every small business needs to build all these policies.

Supporting Documentation

If you store personal information in online systems you should maintain a list of them for others to see and understand where their data is. American companies that store data are registering with PrivacyShield.org.

We have a list of relevant hosts and services higher up on this page; you may refer your Customers to it or create your own pages. We are not 100% clear what would make you compliant in this regard.

Third-Party Resources

Have more questions? Request Help.
