Turtl + GDPR

Here’s what we’re doing to help you comply

No matter what sector or line of business you’re in, it’s important to be aware of and understand the General Data Protection Regulation (GDPR). It’s a set of laws introduced by the EU which came into force in May 2018 setting out the obligations of organisations to handle personal data in a secure and transparent manner. GDPR applies to businesses established in the EU and UK and any business that processes data of EU and UK citizens who are being offered goods or services or whose behaviour is being monitored.

We work hard at Turtl to ensure that every aspect of our own operations is GDPR-compliant, but we also want to make it easier for our customers and partners to achieve compliance in the use of our software. As such, we are fully committed to provisioning Turtl software with functionality to help you comply with GDPR.*

GDPR sets out seven principles which are summarised below along with information on how Turtl complies with each.

PrincipleHow Turtl complies
Lawfulness, fairness and transparencyTurtl allows you to embed your own CRM or Marketing Automation forms, including your own privacy policy and/or consent wording, meaning you can continue to manage GDPR compliance from your existing systems.

Or if you prefer to use Turtl’s native forms, you can customise these by adding a link to your own privacy notice.

Purpose limitationTurtl only processes personal data as required for the purpose of providing our core services to you. These purposes will need to be covered by the terms of your own privacy policy.
Data minimisationTurtl only processes personal data provided to us by you, as well as a limited set of analytics data generated by our software.
AccuracyThe majority of information stored by Turtl is analytics data, which is very unlikely to be inaccurate or incomplete, or any personal data contained within Stories. Turtl will assist you as reasonably required to comply with any requests by data subjects to exercise their rights to rectify of erase personal data under GDPR.
Storage limitationTurtl deletes personal data within 30 days of the end of a customer contract. This includes all data in production systems and in backup datasets.
Integrity and confidentialityTurtl takes data security extremely seriously and has a complete set of controls in place to keep your data safe, including best-practice security measures and ISO27001 certification.
AccountabilityTurtl is transparent about its use of sub-processors to enable you to document such use in accordance with GDPR.

If you have any further questions about how Turtl makes it easy for you to comply with GDPR when using our services, please get in touch.

*While Turtl takes steps to assist you to comply with GDPR, you will need to take your own legal advice to satisfy yourself that your intended use of our software complies with GDPR.

 

Turtl