Auto-delete "Submissions" and "Dispatch items" after a specified time

Comments

8 comments

  • Official comment
    Avatar
    Sara Kaplow, Community Manager

    Update: 

    While we are now GDPR compliant, this functionality was not required to meet those standards. We take both data security and feature requests seriously, and will consider this as we do other customer requests for product improvements. You can read about our GDPR steps here: https://help.gocanvas.com/hc/en-us/articles/360010186193-Is-GoCanvas-GDPR-compliant- and reference our Privacy Policy: https://www.gocanvas.com/content/about-us/policy/privacy-policy
     
    You can delete Submissions via our API, but Dispatches are not included in that functionality. You can learn more about our API here: https://help.gocanvas.com/hc/en-us/articles/115006824328-How-to-use-Webservices-with-GoCanvas.
    Comment actions Permalink
  • Hi Jonas,

    Thanks for your feedback. I know we're working on becoming GDPR compliant, and it's great to have some of these specifics outlined so other customers can vote them up!

    0
    Comment actions Permalink
  • Avatar
    Länsförsäkringar Skaraborg

    Any news on this?

    0
    Comment actions Permalink
  • Avatar
    Länsförsäkringar Skaraborg

    Still no news?

    0
    Comment actions Permalink
  • Avatar
    Länsförsäkringar Skaraborg

    Hi again,

    In what way are you now "GDPR Compliant"?
    Your Privacy Policy is not "GDPR Compliant" in it's current form, as I see it - as it's not protecting your customers data enough. Can you define what steps you have taken to fulfill the GDPR regulations?

    As deletion of data/information that is no longer needed is one of the key aspects of GDPR, I think you can't say that you fulfill GDPR without implementing functionality that automatically and safely delete collected/processed data when it's no longer needed (defined in XX days, by the customer itself). And that you can assure that the information then is permanently deleted, and not to be used by you or any of your partners. Storage and data processing locations and partners are not defined in your Privacy Policy. 

    In contrast with the GDPR regulations, you state in the Privacy Policy that you gladly disclose collected information to third parties, without defining who they are, in what countries they are located, and what type of information you disclose to them. Another worrying note is that storage and data processing locations and partners are not defined in your Privacy Policy. Restricted access of information is a key aspect of GDPR, as information is not allowed to be shared to any unauthorized parties. This makes the suggested deletion functionality even more important to implement.

    0
    Comment actions Permalink
  • Avatar
    Sara Kaplow, Community Manager

    We worked with a security firm to do an audit of our practices, and made updates as they required. We did not implement a system such as described above, but users can request that their data be deleted (see this post: https://help.gocanvas.com/hc/en-us/articles/360010186193-Is-GoCanvas-GDPR-compliant-, specifically the questions and requests section). It is not required by GDPR to automate data at a period defined by the customer, per our security consultant. 

    Our data is stored in AWS East, which is GDPR compliant. 

    The third party info includes a few pieces: 1) when users choose to integrate with a third-party platform (eg dropbox, box, zapier, etc) information is shared - this is done by the user, not GoCanvas 2) applications such as google analytics, which collect anonymous information about usage of the website through cookies (disclosed as required by GDPR in a popup on the site) and 3) our customer support platform (Zendesk) which is connected by SSO to GoCanvas. 

    0
    Comment actions Permalink
  • Avatar
    Länsförsäkringar Skaraborg

    As stated under "How We Disclose Information" and "Transfers of Your Personal Information" in your Privacy Policy - information disclosure is not limited to what you describe.
    The Privacy Policy also do not say how the customer data/information is protected, when stored and transferred. Is it encrypted or protected in other ways?
    You have to restrict information disclosure to a bare minimum, and not share data to parties that do not handle it in accordance to GDPR, and not at all if the data exchange is not absolutely necessary to keep the service running.

    How We Disclose Information

    We disclose the information that we collect, including personal information and User Content,as follows:

    • Affiliates. We may disclose information to current or future affiliates or subsidiaries for research, marketing, and other purposes consistent with this Privacy Policy.
    • Service Providers. We may disclose information to our vendors, service providers, agents, or others who perform functions on our behalf.
    • GoCanvas Partners. We may disclose your information with the creator(s) of application(s)that you download in the GoCanvas Application Store.
    • Other Unaffiliated Third Parties. We may disclose information to other unaffiliated third parties, including for those third parties’ own marketing purposes.
    • Business Transfers. We may disclose information to another entity in connection with, including during negotiations of, an acquisition or merger, sale or transfer of a business unit or assets, bankruptcy proceeding, or as part of any other similar business transfer.
    • Protecting Rights and Interests. We may disclose information to protect the safety, rights, property, or security of GoCanvas, the Services, any third party, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity which GoCanvas, in its sole discretion, may consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity; to use as evidence in litigation; and to enforce this Privacy Policy or our Terms of Service.
    • Legal Compliance. We may disclose information to comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; in response to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request from law enforcement or a government official.
    • Aggregate and De-Identified Information. We may disclose, rent or sell,aggregate, anonymous, or de-identified information for marketing, advertising, research, compliance, or other purposes.

    In addition to the above, we will disclose your information to third parties as described to you at the time of collection or as consented to by you before disclosure. For example, you may use our Services to share information that you collect with your GoCanvas applications, with third parties (e.g., PDFs that you share with the GoCanvas App Store or information that you share with another GoCanvas user or account). Once this data is shared with these third parties, the data becomes their property and GoCanvas does not assume the risk or liability of what data you have shared now or in the past.

    Transfers of Your Personal Information

    Any personal information you provide to GoCanvas through our Services may be transferred to or accessed by the parties listed in How We Disclose Your Information above for the purposes described in How We Use Your Information above, to the United States or other countries that may not guarantee the same level of protection of personal information as the one in which you reside.

    0
    Comment actions Permalink
  • Still no comments on this?

    0
    Comment actions Permalink

Please sign in to leave a comment.