GDPR FAQs

How is Screen-Magic preparing for GDPR?

Screen-Magic is working diligently to be GDPR compliant across all of its applications. We have thoroughly analyzed GDPR requirements and have put in place a dedicated internal team to drive our organization to meet them. These initiatives include:

  • Identifying personal data – Our applications undertake different levels of personal data collection, usage, storage and disposal. Defining the purview of personal data for each of these applications and documenting the various sources of data provides a roadmap for compliance.
  • Providing visibility and transparency – The most important aspect of GDPR is how the collected data is used. As a data processor, Screen-Magic’s key role is to provide our customers (the data controllers) with the access to effectively manage and protect their user data. Screen-Magic is focused on developing optimal product enhancements without compromising on performance to provide better transparency to our customers.
  • Enhancing data integrity and security – As our customers tighten their data security measures, we’re streamlining the processes for our cloud applications by implementing IT policies and procedures that provide end-to-end security.
  • Portability and transferability of data – GDPR gives end users the right to either receive all the data provided and processed by the controller or transfer it to another controller depending on technical feasibility. Screen-Magic is working on further enhancing its data exporting capabilities to enable export at the individual level.
What does this mean for customers?

We understand that meeting the GDPR requirements may take a lot of time and effort. As your partner, we want to help you make your process as seamless as possible, so you can focus on running your business. Some of our product enhancements will make it easier for you to:

  • Provide access controls
  • Encrypt, anonymize, or delete user data
  • Perform data audits or assessments using data processing logs
  • Create provisions for data subjects’ rights
  • Enhance security for user data
What is Screen-Magic doing to be GDPR ready?

Our GDPR progress plan includes the following components:

  • Screen-Magic has created a data privacy team to oversee GDPR activities and raise awareness.
  • Current security and privacy processes are in place and where applicable, we are revising existing contracts with third parties and customers to meet GDPR requirements.
  • A Data Audit has been conducted to identify the Personally Identifiable Information (PII)/Personal Data that is being collected.
  • Analyze how this information is being processed, stored, retained and deleted.
  • Assess the third parties to whom Screen-Magic discloses data.
  • Establish procedures to respond to data subjects when they exercise their rights.
  • Establish and conduct Privacy Impact Assessment (PIA).
  • Create processes for data breach notification activities.
  • Continuous employee awareness is vital to ensure continual compliance with GDPR.
Who is a Data Protection Officer (DPO)?

A Data Protection Officer is the professional responsible for the data protection activities and measures inside the company. He/she holds the security leadership role in charge of overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.

Our information security manager will be our DPO. If you want more details, you can reach out via email at data-protection-officer@screen-magic.com.

What does ”Secure by Design” mean for you?

Screen-Magic’s internal process of development takes data protection as a key aspect and requisite. All data can be tracked, the processing is understandable and under control, and tools are in place that grant rights of access, deletion and portability for data subjects.

How does Screen-Magic handle customer data?

For any data handling related queries, you can reach out via email to data-protection-officer@screen-magic.com

Does Screen-Magic have a data center in Europe?

Yes, we have a data center in Europe hosted with Amazon AWS in Dublin, Ireland. If you are an existing EU customer of Screen-Magic, you can place a request to move your data from our US data center to our Europe data center.

How do you manage customer consent for sending text messages?

For SFDC, we have an opt-out and opt-in mechanism you can use.

If you are using our portal to send SMS, you can use the subscription feature to manage customer consent. You can get in touch with our customer support at https://www.sms-magic.com/support/.

What level of access does Screen-Magic have to customers’ Salesforce org?

Screen-Magic personnel do not have access to our customers’ Salesforce org. Our customer support agents may need temporary access to a customer’s org for troubleshooting or setting up the SMS-Magic platform. Our support agent will only access a customer’s Salesforce org after receiving explicit consent from the customer via email. Customers are recommended to give limited profile access which is only needed for setup and troubleshooting purposes.

The SMS-Magic platform has API access to our customers’ Salesforce org, which is used programmatically for updating SMS transaction data in the customer’s Salesforce org and retrieving SMS aggregate data for quality checks. This API access is granted using OAuth by a particular user of the customer’s org. The SMS-Magic platform will have the same access level of the OAuth user but the platform only accesses SMS-Magic objects. It’s recommended that customers only grant limited access to SMS-Magic users.