Do you also value GDPR?
Capturi is a safe choice
Are you already a customer or are you considering whether Capturi is a safe choice for your business? Dive into how you can use the platform in compliance with the data protection law
– Tue Martin Berg, CEO
The features of our platform are built with a focus on the principles of “Privacy by design and default”. In developing the platform, we have therefore focused on data subjects and their rights under data protection law, and we have designed the platform to support this focus.
In addition, we are constantly trying to further develop the platform with solutions and features that help our customers to comply with their obligations, including in relation to ensuring the correct basis for processing (see more below), as well as the possibility to delete data according to self-established deletion policies.
In any customer relationship, we process personal data on behalf of our customers. In this relationship, our customers are the data controllers and we are the data processor. This means that both we and our customers are obliged to enter into a data processing agreement, the content of which must comply with the requirements of the GDPR.
Capturi uses the Data Protection Authority’s standard contractual clauses as the data processor agreement. This means that we fulfil our joint obligation to enter into a valid data processor agreement.
You can download our data processor agreement here.
Read more about our use of subprocessors here.
What about recorded customer calls?
Recording customer conversations can add great value to a business. We have therefore compiled an overview of the relevant considerations before recording calls – these apply to both inbound and outbound.
Our security measures
Data processing is an integral part of the platform we provide to our customers.
Therefore, the trust and confidence of our customers that we can deliver our services in a secure and confidential manner is crucial to our business foundation. We hence take security very seriously and have a continuous focus on it.
Some of our security measures include:
Use of supplier certified to ISO 27001:2013, 27017:2015, 27018:2014 and ISO 9001:2015 for hosting platform within supplier’s EU/EEA data regions.
Backup and anti-malware
Daily backup and updated anti-malware and virus on systems and devices.
Full redundancy with the main hosting and operation provider to ensure access and continuous operation of the platform.
Use of Multi Factor Authentication login
Use of Multi Factor Authentication login for the platform and production environment.
Physical security of sites
Physical security of sites with individual access key fobs and codes and monitoring of facilities.
Background checks of employees.
Full TLS and HTTPS encryption of data in transit and in storage.
Segmented and encrypted network and connection to Security Operation Center (SOC) via hosting provider.
Ongoing platform check
Ongoing checks of platform and systems with respect to OWASP top 10 vulnerabilities, including occasional use of “ethical hacker”.
Logging of access and actions in platform and systems.
Procedures for access to production environment and access to customer data.
Hardware reuse is done exclusively by restoring factory settings, and hardware destruction is done according to the market standard for this, meaning that data recovery is not possible.