Qntrl has always been mindful of its users’ rights to data privacy and protection. With GDPR, we’ve taken a closer look at what we do in order to be compliant with this regulation.

What is GDPR?

The General Data Protection Regulation (GDPR) has been in effect since May 25th, 2018. It’s a regulation in the EU that aims to give individuals granular-level control of their personal data. The GDPR imposes obligations to all organizations in the world that target or collect data related to people in the EU.

What is personal data?

Personal data is any information that relates to an individual who can be directly or indirectly identified. This includes, but is not limited to, name, email address, location information, ethnicity, gender, biometric data, website cookies, and photos.

Stakeholders involved

  • Data Subject

    The person whose data is processed

  • Data Controller

    The person or organization that decides why and how personal data will be processed

  • Data Processor

    The person or organization that processes the data on behalf of the Data Controller

How is Qntrl GDPR complaint?

To start with, Qntrl has always respected user privacy—we have never used your data to serve ads, and never will. We collect only required data, store it securely, and provide transparency in data processing. That said, we have also made some changes to ensure the additional level of security that GDPR encourages.

Data Processing

  • Audit Log

    Organization owners can track every event at an organization with audit logs, and know who did what, and when.

  • API

    The OAuth 2.0 protocol is used in Qntrl APIs for authentication and authorization processes.

  • Marketplace Extensions

    Your personal details are shared with marketplace vendors only after obtaining your consent. We do not save any credentials that might be used to log into any third-party services. And in case you use tokens generated by third-party applications while using extensions, we save an encrypted version of those tokens. Learn more.

  • Field Encryption

    You can protect confidential customer data with encryption. On encrypting the fields, the text is converted into cipher, and can be accessed by authorized users only. Learn more.

  • Zoho Directory

    Qntrl integrates with Zoho Directory to help facilitate smooth logins. Learn more.

  • Role-Based Access Control

    Organization owners and admins can determine who has access to what, and which permissions they have. Learn more.

  • Disclosure of Data

    Qntrl features like two-factor authentication, role-based access, field-level permissions, data encryption, and the ability to limit access to orchestrations ensure that you have a tight control over who can access what.

  • Data Security

    With OWASP secure coding practices, DDoS protection, data centers across the globe, compliance certifications including ISO 27001 and SOC-2 Type II, and other security, privacy, and compliance practices, Qntrl ensures that your data is secure. Read more.

Rights of Data Subject and Data Controller

  • Right to access

    Organization owners can access all customer information recorded in Qntrl. For example, a lead’s information if a sales process is automated with Qntrl, or an employee’s details if employee onboarding is automated. Job owners can access the customer information in the jobs they own. Other users can access customer information only if they have necessary permissions.

  • Right to rectification

    Organization owners can edit organization details, customer information, and business processes at any time. Other users can edit customer information and business processes based on their access privileges.

  • Right to erasure

    As an organization owner, you can delete any customer information or business process, any time you want. Other users can do so only if they have necessary permissions. As an organization owner, you can also choose to discontinue our services at any time, by deleting the organization. If you choose to delete your account, we'll add it to the deletion queue, and will be deleted in the next clean-up cycle.

  • Right to restrict processing

    As an organization owner, you can stop processing a customer’s record when required. Any user other than the organization owner can do so if they have the required permissions. Read more.

  • Right to data portability

    Organization owners can create a backup of all the information in their organization. A password-protected link of the backup will then be emailed to the organization owner. This link will expire after 7 days and the exported ZIP file will be deleted. Learn more about this here. Users can also export all jobs, or a particular job that they have access to, as XLS or CSV files.

We are a service of Zoho Corporation Pvt. Ltd. and you can find Zoho’s GDPR policy here

Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advise on what you need to do to comply with the requirements of GDPR.