ServiceM8 and the GDPR

Follow

If you live in Europe you’d be aware that the General Data Protection Regulation (GDPR) is effective as of 25 May 2018. Replacing the Data Protection Directive 95/46/EC, the GDPR is the most significant change to data privacy regulation in recent history, and introduces regulatory responsibilities to both ServiceM8 and its users around the handling of personal information.

ServiceM8 is committed to the security and privacy of your personal information and account data, and enabling you to meet your own GDPR obligations in respect to handling the personal information of your own clients. You can get more information on the GDPR here.

What has ServiceM8 done to prepare for the GDPR?

A significant aspect to the GDPR is ensuring that personal information transferred outside of the EU is afforded the same level of protection as if it were held within the EU.

The ServiceM8 platform is based on Amazon Web Services (AWS) infrastructure, with several data centres around the world providing ongoing data storage and service delivery for ServiceM8 users.

To best meet the requirements of the GDPR, ServiceM8 has undertaken a major project to establish a sole EU data centre, migrating all EU-based ServiceM8 users and their account data to this regional data centre, ensuring your account data remains within the EU region. A notable side-benefit to this project was an improvement to general data upload and retrieval speeds for users in this region.

ServiceM8 has also updated its Privacy Policy to accommodate the GDPR’s requirements and other best-practice privacy principles around the world, including clarification of roles and responsibilities around handling of personal data. ServiceM8 will continue to review and update this policy and the ServiceM8 Terms of Service over time.

We’ve also developed some straightforward guidance materials on how to use ServiceM8 to action certain data access and portability requests from your own customers (see below).

Who is the data controller & who is the data processor?

You may have seen reference to the responsibilities of “data processors” and “data controllers” under the GDPR.

A data controller is an entity responsible for the means, purposes, collection, entry, use and retention of personal data. A data processor is an entity which processes personal data on behalf of a controller, and in accordance with their instructions.

In your business’s relationship with ServiceM8, you are the data controller of your end-customers’ personal information, and ServiceM8 is the data processor. You determine and control the entry, use and retention of any personal information within your account, and you have direct responsibilities under the GDPR regarding how you use ServiceM8 with your customers' personal data. ServiceM8 processes this information as part of providing the ServiceM8 service, and in accordance with your instructions and ServiceM8’s privacy policy & terms of service.

Further, in respect to your personal information as a ServiceM8 account holder, ServiceM8 is also a data controller. You can read our Privacy Policy for more information on how ServiceM8 handles your own personal information and our security practices.

Does ServiceM8 have sub-processors?

Yes. ServiceM8 processes the personal information of your customers and other account data entered by you using Amazon Web Services (AWS), the world’s leading cloud infrastructure service provider. You can read about AWS’s GDPR readiness and certifications here.

With respect to control and sub-processing of your own personal information as a ServiceM8 account holder, ServiceM8’s sub-processors include Amazon Web Services, Zendesk, MailChimp, LiveChat, Google, Mixpanel, and Stripe.

What resources are available to help me comply with the GDPR?

We've developed some straightforward help articles to help you action any requests from your customers when exercising their data access & portability rights:

More information

ServiceM8 Privacy Policy
ServiceM8 Terms of Service
Amazon Web Services (AWS) GDPR readiness announcement
GDPR Homepage
UK Information Commissioner’s Office Guide to the GDPR

Contact

If you have any questions about ServiceM8 and the GDPR you can get in touch with us at privacy@servicem8.com

Have more questions? Submit a request