Regpack has always been committed to data security as well as your privacy and your users privacy.
Since Regpack holds personal identifying information and financial information.
Regpack is GDPR and CCPA compliant. Below you can find details on how we meet these standards.
What is the GDPR?
GDPR is a new EU regulation that intends to strengthen and unify data protection and protect everyone’s fundamental right to privacy and protection of their personal data.
To that end, we have made some updates to our security and data processes in order to ensure full compliance with GDPR.
Please note that these changes are in place for ALL Regpack clients, not just European clients. While compliance isn’t required for organizations who are not based in the EU and don’t have users in the EU, we believe these updates benefit everyone and we can all enjoy extra data protections for our businesses.
Furthermore, if you have information of only one EU citizen then the GDPR rules apply to you. Since many times it is not possible to know all citizenship of your users we are applying the rules to all organizations using Regpack.
What is the CCPA?
CCPA is a California bill that enhances privacy rights and consumer protection for residents of California in the United States.
Intentions of the act include:
The intentions of the Act are to provide California residents with the right to:
- Know what personal data is being collected about them.
- Know whether their personal data is sold or disclosed and to whom.
- Say no to the sale of personal data.
- Access their personal data.
- Request a business to delete any personal information about a consumer collected from that consumer.
- Not be discriminated against for exercising their privacy rights.
For California Residents:
The California CCPA law also provides the following rights if you are a resident:
2.) The right to have access to and request the personal information collected. – Be in touch with our support team to make any data requests.
3.) The right to to be forgotten and have your personal data deleted. – Be in touch with our support team to make any deletion requests.
4.) The right to stop your personal information from being sold or shared. – Regpack does NOT sell personal data.
These policies lay out more clearly how Regpack uses data we receive as well as your relationship with Regpack.
We have never and will never sell your personal data, or your user’s personal data. Actually, we will never use your data or your user’s data for anything at all.
Regpack Security Page
Our Security page is updated with our security protocols and how we encrypt data to protect sensitive personal information. You can view that here.
Data Deletion Tool
In compliance with GDPR and CCPA, any user can request their data be deleted from your systems. This must be done within 1 month of their request, free of charge. All Regpack clients can email Support to request a user’s information be deleted. When the request is received, we will purge the user’s data and send confirmation the action was completed.
Please note that once data is deleted, you cannot retrieve the information and it is lost forever.
Please note that further to the GDPR requirement of only holding data you need, if you cancel your Regpack account, all data including ALL user data, will be purged IMMEDIATELY upon confirmation of cancellation.
Data Processing Agreement for Regpack Clients
- Data Processing Agreement: this document lays out the data protection measures Regpack has taken and what data protection measures you are required to take.
- Service Agreement: this is the same service agreement you received when onboarding. It has been updated with additional language regarding data security.
We must have these agreements signed in order for your account to remain active. Once signed, you can view the agreements at any time under Settings → Bill for further reference.
Regpack Employee Access
According to GDPR regulation, data should only be exposed to individuals that are allowed to view it. To that end, Regpack will be updating it’s internal permissions and Regpack employees will be limited to the scope and type of data they have access to. This includes, but is not limited to, the inability to export any type of report, viewing user data without consent and other secure measures.
Admin Account Security
Further to the GDPR requirement that data is exposed only to people that need to see it, Regpack has enhanced admin login security measures that ensures your account is always safe and that no data can get into the wrong hands.
The system includes an advanced algorithm for possible account security threats. If a potential security issue is detected, you will need to approve your access to the system by issuing a code that will be sent to your admin email. This 2 step verification will happen every time the algorithm detects a possible problem.
Please note that the algorithm might ask you to complete the action regardless of a possible threat just to calibrate itself according to your usage patterns. Please note that if the algorithm detects a repeated threat to your admin account, it will lock it down for manual investigation. This is done to protect you and your user’s data.
Once in a while, Regpack will send you informational emails regarding updates to the system and other product updates. Please note we never send any communications to YOUR users. If you do not wish to get informational emails and system update emails we allow to unsubscribe from them easily simply by telling us. If you prefer not to get this information simply email “email@example.com” and we will take you off the list.
As always, Regpack is committed to your success. We take the security of our product, as well as you and your user’s data very seriously. We believe that you should control your data and we have always believed that users should be given the option to control their data. It is theirs after all. GDPR and CCPA makes this mandatory to all systems gathering information.
If you have any questions, please don’t hesitate to contact us.