This article will answer some of your legal questions about Dealfront's Sales Intelligence CRM integration. Read below to learn more!
Quick Links:
Is it GDPR compliant to push contact records from Dealfront to the customer's own CRM system?
Please note that Dealfront does not provide legal advice. In principle, it is your responsibility to check that the data processing you carry out complies with applicable law.
As you may know, under most data protection legislation, such as the GDPR, a company must have a legal basis for processing personal data. If it does not have a legal basis for processing personal data and does so anyway, this processing is unlawful and may (if discovered) lead to fines, legal proceedings and other negative consequences.
In principle, the data processing of your customers or future customers (e.g. in your CRM) falls under Article 6 (1) lit. b GDPR (data processing for contract fulfillment). In this case, the data subjects have actively commissioned you and expect their data to be processed in connection with the services you provide.
In the case of contacts who are not yet customers or concrete future customers, i.e. there is no direct customer relationship, you may be able to rely on a ‘legitimate interest’ within the meaning of Article 6 (1) lit. f f of the GDPR.
What does it mean to invoke a ‘legitimate interest’?
Relying on ‘legitimate interests’ means that a company may collect and process personal data if
They have a legitimate reason for doing so AND
Their interest or right to process the data is stronger than the individual's interest in protecting their privacy (balancing test)
While the GDPR explicitly mentions sales and marketing activities as an example of lawful use (see recital 47 of the GDPR), the balancing test must be carried out for each individual person and cannot be generalized.
Does Dealfront process our CRM data in a legally compliant manner?
Dealfront processes all personal data shared with us via the CRM integration as a data processor in accordance with our Data Processing Agreement ("DPA") and the requirements of Article 28 GDPR. Our Data Processing Agreement (DPA) is based on the Standard Contractual Clauses published by the European Commission.
Dealfront's DPA governs this processing activity and the CRM integration is explicitly mentioned under "Section 2 - Subject matter and duration of data processing". Dealfront is therefore contractually and legally obliged not to use its customers' personal data for its own purposes. Dealfront strictly adheres to these requirements.
How does the data flow between Dealfront and the customer's own CRM system work?
Dealfront copies the data from the customer's own CRM system and compares it with the Dealfront database to establish relationships. In addition, Dealfront allows Dealfront users to create records in the customer's own CRM.
Dealfront stores the customer's own CRM data so that it can be matched, viewed and new records created.There is a regular sync that synchronizes the CRM database with the Dealfront database.
What data is copied by Dealfront from the customer's own CRM?
Data is currently copied from the objects
Accounts
Contacts
Leads
Tasks
Opportunities
When does Dealfront delete the data?
The data that Dealfront synchronizes from the customer's CRM system is stored on Dealfront's AWS servers in encrypted form (in transit and at rest).
If the Dealfront user decides to remove the CRM integration from Dealfront, Dealfront will delete all data that we have synchronized from the customer's CRM from their servers.
How often does Dealfront query the customer's CRM data?
Dealfront queries the customer's own CRM data daily to check for changes and synchronize any new records with the Dealfront database.
Does the data go to third parties?
No, apart from the sup-processors identified in the DPA.
--
Questions, comments, feedback? Please let us know by contacting our support team via the chat or by sending us an email at support@dealfront.com.