Breakout logo
Roadmap
Pricing
Login
close
Roadmap
Pricing
Blog
Login

GDPR



What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. GDPR also addresses the export of personal data outside the EU. It aims to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. We take the GDPR very seriously at Breakout and apply all the following changes and features to all of our users around the world. This article describes the GDPR compliance status of Breakout.


What Breakout did about it

Our users’ privacy and individual rights are very important to us.:



  1. Awareness of the GDPR

    All managers and employees responsible for software development, design and infrastructure maintenance of Breakout are aware of the GDPR requirements. We always take data protection and privacy by design into consideration when developing a new feature, infrastructure, integration, or any processing activities. We also made sure the third parties we use are GDPR compliant and aware. We restrict access of personal information to Breakout employees & contractors who are subject to strict contractual restrictions and may be disciplined or terminated if they fail to meet these obligations


  2. Information we store about our customers

    When a user registers and opts-in, he/she needs to fill out their:

    • Email
    • First Name
    • Last Name
    • Organization Name
    • Organization Size
    • Invoice Details (Company Name and Address)

    We also collect the country of the user to make sure he/she gets their account’s interface in the right language. Other data collected to improve experience:

    • Data logs, images, or a logical sequence of images/videos to reply an issue encountered by a user
    • Internet protocol address, browser type, browser language, referring URL, features accessed, errors generated, time zone, geo-location data, operating system information, and other such information that is transmitted in the header of the user’s HTTP request

    Created on Breakout Platform as features offered to customer

    • Processes or Workflows Generated on the system
    • Consent based Access of Google Suite (Google User data)

      • Google OAuth APIs are used to perform a Single Sign On through Google, while doing so we ensure that the email provided by the Google Auth server is a valid user of the Breakout system.
      • We use Google Drive APIs to retrieve file URLs and Ids of the files attached by the user into his/her Kissflow account. We also manage the permissions of these files through the drive APIs on Breakout Platform
    • Data collected through digital forms [If you are collecting data from other users, your privacy policy will be applicable and not ours]


  3. Data Storage & Transfer

    • Everything is stored on secured AWS servers.
    • All our services are SSL Encrypted.
    • We may transfer your data outside your country’s jurisdiction. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the U.S. and the use and disclosure of information about you, including personal information, as described in this Privacy Policy.


  4. Individual Rights

    • The right to be informed: we inform our users about the use that will be made of their data. Our users can request the full RPA report via email contact@getbreakout.com.
    • The right of access: our users can access all their data from their dashboard.
    • The right of rectification: our users can update their information anytime they need through their profile page.
    • The right of erasure: Our users can delete their account themselves from the interface (if they are not on a paid plan) or send us a request to delete their account and all the information related to it via our live chat or by email contact@getbreakout.com.
    • The right to restrict processing: We have processes in place to ensure that we respond to a request for restriction without undue delay and within one week of receipt. We have appropriate methods in place to indicate and restrict the processing of personal data on our systems.
    • The right to data portability: Our users may contact us anytime if they wish to get an export of their data. We have processes in place to ensure that we respond to a request for data portability without undue delay and within one week of receipt.
    • The right to object: Our users and their end-users may contact us anytime regarding this matter and will take care of any legitimate request.
    • The right not to be subject to automated decision-making including profiling: We only collect the minimum amount of data needed and we don’t do “profiling”.


  5. Updated our Terms of Service and Privacy Policy

    You can read our updated terms of service and privacy policy by click on the following links: Terms of Use & Privacy Policy


  6. DPA

    Ask us for our DPA (Data Processing Agreement) and we will send it to you via email. You can email it back to us once you signed it to contact@getbreakout.com


  7. We use platforms and tools like:

    • Amazon Web Services, Inc.
    • Google, Inc.
    • Intercom, Inc.
    • Freshworks, Inc.
    • Zapier, Inc.
    • Zoom, Inc.
    • Hotjar Ltd.
    • Calendly LLC
    • Stripe, Inc.
    • Poptin Ltd


  8. Data breaches

    A personal data breach refers to a breach of security that can lead to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

    Our duty is to keep our users’ information safe and report certain types of personal data breach to the relevant supervisory authority within 72 hours. We also understand we must inform affected individuals without undue delay.

    We take our users’ personal data, business information and our system security very seriously. These are a few implemented procedures and methods that we take:

    • We use 2-Factor-Authentication on our sensitive accounts (e.g. hosting provider, etc.)
    • Isolated servers for the application and for sensitive data
    • Access to our server systems is allowed only from specific IP addresses
    • Daily backups. Always adding more automatic security tests to monitor the system And more


  9. Data protection officer

    Name: Abhishek
    Address: 1949, Bluebells Tower, Gaur Saundaryam, Tech Zone 4, Greater Noida West, U.P
    Postal code: 201306
    City: Greater Noida
    Country: India
    Email: contact@getbreakout.com


Breakout logo
FacebookLinkedinTwitter
Popular Guides
Workflow Automation  |  
HR Process  |  
Vendor Management  |  
BPM  |  
Procurement  |  
No Code  |  
Breakout Usage Guide
Getting Started  |  
Create a Workflow  |  
Invite Users  |  
Public vs Private Process  |  
Organization Settings  |  
Integrations  |  
Compare
Breakout vs Pipefy  |  
Breakout vs Kissflow  |  
Breakout vs Nintex  |  
Breakout vs ProcessMaker  |  
Breakout vs Process Street
Breakout vs QuickBase
About Us
Careers  |  
Privacy Policy  |  
GDPR  |  
Terms of Use  |  
Contact Us
Product
Pricing  |  
Start Trial  |  
Blog
Help Articles
Location
San Francisco, US  |  
Bangalore, India
© 2021 Copyright Breakout Platforms Inc. All rights reserved