In case you are simply visiting the Showpad.com website or any other Showpad domain (thus outside of the Showpad SaaS sales enablement solution or outside of any interaction with the Showpad SaaS sales enablement solution) the website terms shall apply instead of these Privacy Principles.
If you are looking for the Showpad Data Processing Agreement, click here.
GDPR in General
Showpad NV, with address Moutstraat 62, 9000 Gent (Belgium) with company ID 0836.159.992 and/or its affiliates (“Showpad”) has developed, exploits and maintains a “Marketing and sales success Solution” under a Software as a Services model, for the benefit of the Showpad Customers (the “Service”).
The new European Privacy regulation (“General Data Protection Regulation” or “GDPR”) introduces a whole new set of rules in respect of the processing of personal data. It aims to harmonise legislation throughout the EU with the intention to i) increase the general awareness on data privacy, ii) allow individuals to take control over their privacy and their fundamental rights, and, iii) to strengthen security requirements throughout companies and organisations.
Showpad embraces the opportunities GDPR brings and ensures being compliant by the time GDRP becomes enforceable (25 May 2018).
As GDPR is the most modern and fully integrated legislation on data privacy, and as the applicability of the GDPR does not stop at the borders of the European Economic area (“EEA”), Showpad uses GDPR as a standard against which its worldwide program is benchmarked.
Showpad has bundled the Privacy Principles that apply towards its Products Service in the following Frequently Asked Questions.
Frequently Asked Questions – Showpad Privacy Principles
These Showpad Privacy principles apply whenever a person makes use of, or is interacting with, the Service under a user account, or, as a third party individual being allowed (limited) access by an owner of a user account to the Service.
These Privacy Principles equally applies to the Showpad products (including front-end clients (e.g. the Showpad mobile application), Web-Interface (e.g. plugins) and/or Showpad Connectors to third party applications) interacting to the Service.
Be informed that if you use the Service as part of an entity or organisation that has an agreement with Showpad (like your employer), the terms of that organisation’s contract may provide for different or additional terms. Please contact your organisation for further details.
Showpad is offering a so called “Sales Enablement” solution (also sometimes called a “marketing and sales success platform”). It is the process of providing businesses with the information, content, insights, analytics and tools that help marketing departments and/or sales teams to better and more to the point engage respectively with the sales teams and/or their potential buyers throughout the entire buying process.
The Showpad Service measures the engagement of each party engaging through the Service, analyses their behaviour and profiles them, as well measure the attractiveness of content shared with them, to the extent they are interacting with the Service within the online environment of the Service as hosted by Showpad for and on behalf of the Controller.
The Showpad Service is offered as a “Software as a Service” (“SaaS”) model, which is a software licensing and delivery model in which software is centrally hosted and made available to multiple users over a network, including through interacting products (including front-end clients, apps, Web-Interface, plugins, or Connectors to third party applications).
The Personal Data is not processed for any other purpose than allowing Sales Enablement to take place for the benefit and under the control of the Showpad Customer.
There are three roles by which you can interact with or through the Showpad Service:
“GDPR” or “General Data Protection Regulation “(EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) is the new harmonised European privacy legislation, which is the basis for the Showpad privacy program.
The GDPR applies to i) all organisations established in the European Economic area (“EEA”) and ii) to organisations, whether or not established in the EEA, that process personal data in connection with either the offering of goods or services to Data Subjects in the EEA or the monitoring of behaviour that takes place within the EEA.
As a consequence, from the moment there is an element or processing personal data in the EEA or from the moment a Data Subject located in the EEA is targeted, GDPR will apply, also to business not located in the EEA.
To the extent processing of personal data within your organisation falls within the material scope and territorial scope of GDPR (articles 2 and 3 GDPR), the GDPR requires that the processing occurs under a Data Processing Agreement that requires certain minimum criteria to be met (article 28,3 GDPR).
Showpad therefore has created a so-called “Data Processing Agreement” or “DPA” that includes all the required GDPR terms. Showpad’s DPA reflects the unique aspects of the Showpad platform and processing activities, and modifies your agreement for the Showpad Service to bring it into GDPR compliance.
You can find and execute the Showpad Data Processing Agreement here.
It is the Showpad Customer who chooses which individuals to interact with through the Service (and thus whose personal data are to be processed). It is therefore the Showpad Customer who legally is acting as the so-called “Controller” (as defined under GDPR).
In this situation Showpad is only offering the means allowing the Showpad Customer to interact with their respective Users and Prospects through the Showpad Service. This means that Showpad is only processing the personal data for and on behalf of the Showpad Customer as a “Processor” (as defined under GDPR).
The Showpad Service processes certain “information relating to an identified or identifiable natural person, for and on behalf of its Customers.
For each role (administrator, User, Prospect), certain contact information is being processed (i.e. direct identifiable personal data such as an e-mail addresses or name) as well as certain account information, profiling/behavioural information, device information, connection information, content, integrations with marketing automation/CRM services, geolocation (i.e. indirect identifiable personal data requiring a whole dataset in order to identify 1 single person).
For specific information on which types of personal data are being processed, see the administration settings in the Showpad Service or contact the Showpad data protection officer at email@example.com
No so-called “sensitive personal data” as per section 9 GDPR is being processed by or through the Showpad Service (e.g. medical information, biometrical information, racial information, social security information, criminal information …), nor should it be used for such data.
The Showpad Service is not processing any (personal) financial data or data that is regulated by rules of the Payment Card Industry.
Before each administrator’s, User’s and/or Prospect’s personal data is processed, consent from the respective person wil be sought at the different levels within the Showpad Service:
Consent is an allowed basis for the lawful processing of Personal Data (see section 6,1 (a) GDPR).
Next to that, certain limited personal information will be processed as required to administer the contractual relationship between Showpad and its Customer (see section 6,1 (b) GDPR) as well as to comply with certain legal obligations / legitimate interest of Showpad (e.g. consent log files) (see section 6,1 (c) & (f) GDPR).
The duration of processing shall continue as follows:
Showpad uses two types of subprocessors; 1) “Core Subprocessors” and 2) “Feature dependent Subprocessors”.
For more information on which subprocessors are used in the Showpad Service, see the administration settings in the Showpad Service or contact the Showpad data protection officer at firstname.lastname@example.org
Showpad only shares personal data with its (as well as its affiliates):
Showpad only exports personal data outside of the European Economic area (“EEA”) if and when required by:
In case of Feature Dependent Subprocessors, the Showpad Customer has a choice not to enable that specific service.
Where data export occurs, Showpad ensures that such export occurs under the adequacy decisions as allowed by GDPR (EU-US Privacy Shield, binding corporate rules, applicable EU standard contractual clauses, such other methods as allowed per the GDPR), and keeps the exported data to a minimum as necessary.
A cookie is a small text file that a website saves on your computer or mobile device when you visit a site. It enables the website to analyse your actions, to remember you preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
Web beacons are electronic images (also called “gifs”) that may be used in the Showpad Service or in emails generated by the Showpad Service that helps to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon.
The Showpad Service uses:
Showpad has a good number of initiatives in that regard:
Showpad’s principle hosting infrastructure is located within the EU at a first-class world-renowned hosting partner (AWS – 2 separate EU regions). CDN (Content delivery network) towards the Showpad US data centers can be switched off (AWS – US East region).
Making available a dedicated privacy page in respect of the Showpad privacy program on showpad.com/privacy-policy.
The Showpad data protection officer supervises the entire data privacy program at Showpad and works in close conjunction with the Showpad Information Security Manager.
The privacy settings of the Service allow for a more granular approach to set the respective privacy settings. These settings make a clear distinction for Showpad Customers to change “General Privacy Settings”, “User Privacy Settings”, and “Prospect Privacy Settings”. These privacy settings can be managed by the respective account owner or privacy officers at the Customer in the backend of the Showpad Service.
Each subprocessor of Showpad is vetted by Legal, Infosec and the Showad data protection officer in the areas of security, contractual terms, data processing agreements, and, EU standard contractual clauses / Privacy Shield.
Our contractual documents are state-of–the-art and contain the necessary provisions, including in respect of data processing agreeents, end-to-end onfidentiality, and privacy policies (meeting all necessary legal requirements).
Personal Data can be anonymized through an “anonymous group” of Users. Personal data is in any case anonymized after a certain time of inactivity to be determined by the Customer.
All new product capabilities that are to be introduced from 2018 onwards, will follow three key cornerstones: (i) the GDPR principles of “privacy by design” and “privacy by default”, (ii) giving flexibility to both EU customers and non-EU customers within the GDPR guidelines – while (iii) keeping all changes as simple as possible.
The Showpad information security program is ISO 27001 certified and combines all aspects in order to comply with section 32 GDPR in respect of (i) protection against unauthorised disclosures, ii) ensuring integrity, availability and resilience of the processing systems, and iii) maintaining the ability to restore the availability and access to the Personal Data being processed in a timely manner in the event of a physical or technical incident. The whole Showpad Information security program is managed by the Showpad Information Security Manager, and is audited on a regular basis by an external audit firm having the competent capabilities (see https://www.bsigroup.com/en-GB/our-services/certification/certificate-and-client-directory/).
Individuals whose Personal Data is being processed under GDPR have the right to:
Such rights need to be exercised towards the Showpad Customer. In order to exercise such rights the individual in question shall have to provide proof of one’s identity by providing an official document (e.g. ID Card, driver’s license, …).
Showpad does not use the personal data processed through the Showpad Service for Showpad’s direct marketing purposes, nor does the Service employs automated decision-making processes or techniques which create or deny rights to the individuals in question.
Showpad only processes the personal data under instruction and under control of the Showpad Customer for the purpose of Sales Enablement, as described above.
In case you have a complaint about the way Showpad is processing Personal Data, please talk to us and we will listen to your complaint, and see if we can resolve this together.
However, in case of violation of one’s rights or in case of violations committed by Showpad or the Showpad Customer of applicable legislation under GDPR, You always have the right to log a complaint with the competent “data protection authority”. Information on the competent data protection authority and the way of logging a complaint can be found here (or the URL as updated by the European Commission).
Sales enablement is typically a solution that aims at selling products or negotiating a sales transaction. As such, the Showpad Service is not aimed for children under the age of 18 year, nor should it be used for such purpose. We consequently do not knowingly collect personal data from children.
If a parent or guardian becomes aware that his or her child has provided personal data that is processes though the Showpad Service without their consent, he or she should contact Showpad at email@example.com. If we become aware that a child has provided us with Personal Data, Showpad will take the necessary steps to have that personal data irrevocably removedfrom the Showpad Service
Showpad has appointed a data protection officer who can be contacted at Showpad NV – Moutstraat 62 – 9000 Gent (Belgium) or firstname.lastname@example.org .
The Showpad Service also tracks certain data other than personal data, more specifically technical, analytical data, and metadata which is collected automatically when a person is interacting with or through the Showpad Service (“Functional Data)”, which Functional is the sole property of Showpad.
Showpad collects the following Fuctional Data:
Showpad may use the Functional Data for a variety of purposes, including to: