GDPR

Is the General Data Protection Regulation (GDPR) also important to you?

If so, Capturi is the safe choice as we take GDPR very serious.

If you are considering whether Capturi is a safe choice for you, please use the following information to confirm we take GDPR seriously, and that we care about your GDPR compliant use of our platform.

A great example of this is that we have switch our setup from an AWS based cloud setup to a European setup with data location within EU/EEA, and the possibility of only choosing suppliers with no third country ties.

– Tue Martin Berg, CEO

GDPR compliance

Our software solution is developed in the GDPR area, hence the principles of "Privacy by design and default" is an integral part of our software solution. In developing the solution, we have focused on data subjects and their rights, and we have designed the platform to support the catering of these rights as best as possible.

In addition, we are constantly trying to further develop the platform with solutions and features that help our customers to comply with their obligations, e.g. features supporting deletion policy compliance, the right to be forgotten, general data minimization features, and much more making GDPR compliant use of the platform easy.

In order for our customers, as data controllers, to control Capturi’s processing of data on behalf of the customer in compliance with GDPR, we let ourselves be audited by an independent audit for the purpose of providing our customers with an ISAE3000 report on GDPR compliance.

Download our ISAE3000 statement here

GDPR compliant data processing agreements

In all our customer relationships, Capturi processes personal data on behalf of our customers as the data controllers. Consequently, we as parties are obliged to enter into a data processing agreement.

Capturi uses the Danish Data Protection Agency’s standard contractual clauses as the basis for our standard data processing agreement. This has the advantage that we can fulfil our joint obligation to enter into a GDPR compliant data processing agreement.You can download our data processor agreement here.

One of the most important things for our customers is transparency in the sub-processors we use to provide our services, hence a complete list of these, including copies of our data processing agreements with them.
You can download it here.

Call recordings

Recording customer conversations and analyzing these is a great way to create value for a business in terms of both optimizing operations as well as educating employees, but also an action and purpose that requires a clear legal basis before commencing.

Luckily, our customers have a very good understanding of this. Eventhough this seems to be a general trend, we have compiled an overview of relevant considerations to have prior to recording both inbound and outbound calls.

Our security measures

Trust and confidence in our ability to safely process our customers data is of upmost importance to Capturi given the close ties this has to any customers wanting to do business with us. We therefore take security very seriously and have a continuous focus on it.

Some of our security measures include:

Suppliers

Use of suppliers being sufficiently certified based on recognized standards such as ISO 27001:2013, 27017:2015, 27018:2014 and ISO 9001:2015, and use of suppliers being able to guarantee processing within EU/EEA data regions.

Background checks

Background checks for all employees.

Redundancy

Full redundancy setup with main hosting and operations provider to ensure access and continuous operation of the platform.

Encryption

Full TLS and HTTPS encryption of data in transit and in rest.

Backup and anti-malware

Daily backup and updated anti-malware and anti-virus on all systems and devices.

Hardware

Hardware reuse is done by restoring factory settings only, and hardware destruction is done according to market standards for this, so data recovery is not possible.