
News

Posted about 2024 years ago
For startup founders from a startup founder ;-)

As a startup founder, you need to think about conversion rates. Better conversion rates mean better business. If you want to target European customers and you are using a CRM service from Silicon Valley, you cannot simply do it without notifying your potential customers. Some privacy experts will tell you it is enough to write about it in your privacy policy. Others will tell you to change your landing page and add a checkbox for your customers to consent to their personal data being processed by the CRM service in the USA.

We have another suggestion for you: stick with cloud services provided by European companies. You can simplify your privacy policy, and your legal obligations, by avoiding personal data transfer out of the European Union, for example from Europe to the USA. To make it really simple, you can do the same as we do: go with European SaaS vendors when choosing your service provider.

We decided to build a curated list of European SaaS vendors for you. Many services provide a limited free plan, so it is great for early-stage companies.

Vendor Information

Mailjet is a French company. The company was sold to Mailgun (USA). It is a powerful email service provider. It provides an API and SMTP service to send emails as well as regular email marketing/newsletter services. An additional bonus: up to 6000 emails per month are free: https://www.mailjet.com/

Mailerlite is from Vilnius, Lithuania. It is a great email marketing and survey company. An additional bonus: up to 12000 emails per month are free: https://www.mailerlite.com/

An Ireland-based, business-oriented email marketing and survey company. They provide an API for your service. The company recently launched a major privacy initiative called Do not track: https://sensorpro.net/dnt . An additional bonus: the freemium plan is free for up to 2,500 subscribers: https://sensorpro.net/

SMS.TO is an easy-to-use SMS gateway. The service can send messages to WhatsApp and Viber messenger. The company is from Cyprus. It is easy for developers to start working with this service. The company offers a small signup bonus (less than 1 euro) to send out test SMS messages: https://sms.to/

BulkGate is an SMS gateway supporting Viber. The company is registered in the Czech Republic: https://www.bulkgate.com/

Retarus is an international business communication platform. It offers email, fax, SMS, and EDI services. The company has a number of European offices and offices in the USA: https://www.retarus.com/

Crisp is an online chat: https://crisp.chat/. It is based in France. The basic version is free.

Pipedrive CRM is from Estonia. https://www.pipedrive.com/

Capsule CRM is from the UK. This service has plugins for Gmail and has a free plan for small guys. https://capsulecrm.com/

Really Simple Systems CRM is from the UK. https://www.reallysimplesystems.com/

Suite CRM is an open-source project. You can deploy it on your own servers in the EU. https://suitecrm.com/

Vtiger CRM is an open-source project. You can deploy it on your own servers in the EU. https://www.vtiger.com/open-source-crm/

Do you know a European vendor missing from the list? Contact us at [email protected] and we will add it to the list.
Posted about 2024 years ago
For European startup founders.

If you want to simplify your privacy policy, and your legal obligations, you need to avoid personal data transfer out of the European Union, for example from Europe to the USA. To make it really simple, you can do the same as we do: go with European SaaS vendors when choosing your service provider.

We decided to build a curated list of European SaaS vendors for you.

Vendor Information

Mailjet is a French company. The company was sold to Mailgun (USA). It is a powerful email service provider. It provides an API and SMTP service to send emails as well as regular email marketing/newsletter services. An additional bonus: up to 6000 emails per month are free: https://www.mailjet.com/

Mailerlite is from Vilnius, Lithuania. It is a great email marketing and survey company. An additional bonus: up to 12000 emails per month are free: https://www.mailerlite.com/

An Ireland-based, business-oriented email marketing and survey company. They provide an API for your service. The company recently launched a major privacy initiative called Do not track: https://sensorpro.net/dnt . An additional bonus: the freemium plan is free for up to 2,500 subscribers: https://sensorpro.net/

SMS.TO is an easy-to-use SMS gateway. The service can send messages to WhatsApp and Viber messenger. The company is from Cyprus. It is easy for developers to start working with this service. The company offers a small signup bonus (less than 1 euro) to send out test SMS messages: https://sms.to/

BulkGate is an SMS gateway supporting Viber. The company is registered in the Czech Republic: https://www.bulkgate.com/

Retarus is an international business communication platform. It offers email, fax, SMS, and EDI services. The company has a number of European offices and offices in the USA: https://www.retarus.com/

Crisp: online chat https://crisp.chat/ based in France. The basic version is free.

Pipedrive CRM: from Estonia. https://www.pipedrive.com/

Capsule CRM: from the UK. This service has plugins for Gmail and has a free plan for small guys. https://capsulecrm.com/

Really Simple Systems: from the UK. https://www.reallysimplesystems.com/

Suite CRM: open-source. https://suitecrm.com/

Vtiger CRM: open-source. https://www.vtiger.com/open-source-crm/

Do you know a European vendor missing from the list? Contact us at [email protected] and we will add it to the list.
Posted about 2024 years ago
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU.

GDPR includes 3 sides in gathering and processing personal data:

A controller is a “person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data”.

A processor is a “person, public authority, agency or other body which processes personal data on behalf of the controller”.

A physical person, called the Data Subject, who owns his/her personal data and is, under certain rules, to give them to the Controller.

The Controller has to know and control all data given to the Processor at all times.

In order to have any company and web site comply with GDPR, web site owners need to define a Cookie Policy and a Privacy Policy and make them visible to any site visitor. That means one should inform all data subjects about what personal info is gathered and processed, for what purpose, for how long, which third parties will have access to the data, etc. This information is expected to be explained in detail in the Privacy Policy. In that way, the data subject (private person) will have an opportunity to decide whether he/she wants to give consent and enter into a certain relationship with the Controller (company) in case some personal data will be exchanged or given to the controller for processing.

In order to check how your personal data is used on a site that uses the Privacy Bunker system, one has the following options and functionalities at one's disposal.

The first thing a user will see on the landing page (example of the https://boost.hr/ site) is the Privacy and Cookie notification in the form of a pop-up window. At the bottom of the pop-up window is the option “Customize settings”. Once you click on it, any user can see what cookies are available and can decide himself/herself which cookies to allow while visiting this web page. It is important to click on “Save settings” once you have decided what type of cookies you will allow to be placed on your device.

Below the option “Customize settings” there is another option, “Privacy portal” (lower right part of the pop-up window). In order to check whether this site has your email address (the drop-down menu offers more personal data to check), one has to click on the check-box confirming that one allows sending the access code to a 3rd party service. Also, in the field “Enter email” one can type the email address one wants to check within the personal data registry on this site. It is also mandatory to enter the captcha code before clicking LOGIN.

Below is an example of the filled form just before clicking LOGIN and submitting the request to receive the code for login. You can note that links to the Terms and Conditions (Uvjeti korištenja) and Privacy Policy (Politika privatnosti) are visible at all times, as they should be in accordance with the GDPR regulation.

A new message with the Access Code will arrive at the submitted email address. The following screen shows that the correct code is entered and the user needs to click on ENTER in order to access the personal profile related to this web site.

In that way the user enters the Privacy Bunker Homepage. One can see that the blue ribbon line offers a number of options. Below, Privacy Bunker provides the tools that might contain your data, in this example MailerLite and WordPress, as Boost uses only those tools for newsletter distribution. Other companies might use more tools related to personal data.

If the user chooses the option “Profile” (on the blue ribbon), the option to be forgotten will be visible. The screen also shows exactly what data this web site uses. In case the web site uses an additional tool, additional data will be listed under the “App Data” option (blue ribbon options).

An additional option on the blue ribbon is “Privacy control”, where the user can check all given consents, but also has an option to “Withdraw consent”.

If one chooses the option User Requests, all records of requests will be shown. If there are none, the system will notify the user that “No matching records found”.

Profile activity “History” on the blue ribbon will show all of the user's activity records related to this web site.

Coming back to the Homepage of Privacy Bunker will show several options related to any of the external systems used (in this example MailerLite and WordPress). Another option (blue button) will fetch selected data. If the user chooses Fetch data from the MailerLite tool, the following screen shows the report details that are shown to the user.

This testimonial was generated by a non-technical person, which shows that even an average internet user can control his/her personal data using the Privacy Bunker tool. Therefore, as Boost LLC Croatia General Manager I can fully recommend the Privacy Bunker solution to any company owner or any web site owner that feels having GDPR compliance on a web site is too complicated or too costly. It is not, one just has to let experts from Privacy Bunker solve your compliance problem.

Vitomir Lučić, GM at Boost LLC Croatia
Posted about 2024 years ago
We got an account deactivation email from HubSpot. It brought a total change to the whole privacy paradigm we had. In order to comply with new California and EU privacy laws, we are now required to remove or anonymize personal data for expired trials, customers who no longer require our services, and nonactive free accounts. We are obligated to do it even without customer (data subject) requests.

Let’s start from the beginning. PrivacyBunker SaaS is about privacy automation. We are constantly developing plugins for popular SaaS and DB products. The system uses these plugins in order to fetch customer personal records, change record values (e.g. email), and delete or anonymize personal data. We developed management tools for Data Privacy Officers (DPO) to execute data subject requests. We also have a self-service that allows end-customers to see their personal data from all SaaS services and from all connected databases (MySQL, PostgreSQL, SQL Server, Oracle, MongoDB, etc.).

So, we made this plugin for HubSpot. When it was ready, we opened a test account at hubspot.com to test the plugin. When the tests finished successfully, our team added HubSpot to our list of supported SaaS products and kept on working in order to provide other services and features.

After a while, we received an account deactivation email from HubSpot. At first glance, it may seem like something simple. In reality, it was sent because of the regulations that every company with customer personal data has to comply with. Not complying with this privacy regulation requirement (data minimization) can lead to a multi-million euro lawsuit that only the giants of the industry can afford to pay without going bankrupt.

What is this data minimization?

Data minimization means that organizations should keep customer data at a minimum, only sufficient to provide a service. If you look in the official GDPR Article 5 you will find the following.

Personal data shall be (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed and (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

What about CCPA?

Data minimization is not mandated by the CCPA. But the California Privacy Rights Act of 2020 (CPRA), approved on November 3, 2020, has data minimization. Similar to HIPAA’s minimum necessary rule and the GDPR’s data minimization principle, the CPRA codifies data minimization principles: the collection, use, retention, and sharing of personal information must be “reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed”. The new law also requires notice of retention periods, and those retention periods must be “no longer than reasonably necessary” for each disclosed purpose.

What about SOC 2?

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”: security, availability, processing integrity, confidentiality and privacy. The Trust Services Criteria document, section P4.2, has the following definition:

Retains Personal Information — Personal information is retained for no longer than necessary to fulfill the stated purposes, unless a law or regulation specifically requires otherwise.

So, the above is similar to the data minimization retention period.

Now let’s talk numbers. In the SaaS business, converting 60% of the trial accounts to customers is considered a big success. It leaves even the most successful companies with a lot of personal info they have to get rid of or convert to anonymous. This is a lot of nonprofitable work, and work is costly. It is work you would rather avoid because it will not move your business ahead, but it has to be done in order to comply with privacy regulations and avoid lawsuits that can hurt your business.

The same problem exists not only for SaaS companies but for most Data Controllers and partially for Data Providers for their online business leads.

Our services will allow you to do the important things and not waste time (and time is money) because of the regulations. Let’s talk about your needs and how our system can serve you: [email protected]
Posted about 2024 years ago
Let’s start with the bad news for many European companies. If you use Hubspot CRM, you might break the law. If you use another US CRM, you might break the law. If you use an Indian CRM, you might break the law.

On July 16, the Court of Justice of the European Union issued its long-awaited decision in the case Data Protection Commission v. Facebook Ireland, Schrems. That decision invalidates the European Commission’s adequacy decision for the EU-U.S. Privacy Shield Framework, on which more than 5,000 U.S. companies rely to conduct trans-Atlantic trade in compliance with EU data protection rules.

Why is Schrems-II compliance so important?

Data exporters are liable for personal data when performing a cross-border transfer. The data exporter is your company, a CRM service customer. Data exporters need to implement supplemental technical measures to prevent governmental authorities in the target countries from identifying the individuals the data pertains to. In the case of CRM, it is not possible. You need to save customer details in cleartext.

Alternatively, you might get explicit consent from your customers for their personal data to be processed in the US. It is called Standard Contractual Clauses (SCCs).

Suppose you hire someone to collect marketing leads for you. You have the list now. Now you need to contact each guy asking for his consent for his details to be saved in the USA (i.e. Hubspot). I am sure no one is going to do it. No one will bother his potential customers asking for their consent for their personal data to be saved outside of the European Union.

For the companies using landing pages to collect leads

If landing pages are your only method to collect prospects, you win. You can add a checkbox on your landing pages asking for your customer’s consent for his details to be processed by US companies. It must not be pre-checked. Otherwise, you break another GDPR rule ;-).

List of European SaaS providers

I maintain a list of companies you can work with: https://privacybunker.io/blog/european-cloud-saas-vendors/.