Sabisu stores very limited information about you; your company email address is the bare minimum needed for access to Sabisu.
We also store your job title and uploaded avatar if you choose to share it.
As a business platform we store no payment, billing, personal or contact details apart from your employer email address.
Sabisu is not designed or intended for the upload of personal information.
How does Sabisu use it?
At Sabisu we respect your privacy rights and are committed to protecting your personal information at all times. We don’t share any information about you or what you do on the platform with any third party.
We use your data for:
- Access to the Sabisu platform
- Supporting you in your use of the Sabisu platform
- Occasionally updating you on product features, capabilities or case studies. (You can opt out.)
Sabisu does not send marketing emails. We’re not really interested in volume marketing.
We are the sole controllers of the data you decide to store with us and we use it only to improve the service we deliver to you. Terms of service are set in the contractual arrangements with your employer – the organisation that licenses Sabisu.
We are contractually obliged to release data to your employer should they request it.
Significant steps have been taken to secure all data stored in the platform, including the very limited amount of end-user data retained.
All communications with the platform are secured using the latest protocols. All data retained is encrypted. All our customers have audited our information security arrangements and access is only provided to bona fide customer employees.
Where is my data held?
Your data is held in the region and jurisdiction your employer feels is most appropriate.
Some customers retain data only in the US, some only in Europe, some in both.
GDPR & PECR
As per the EU’s guidance, GDPR affects organisations if they offer goods or services to, or monitor the behaviour of, EU data subjects.
Under GDPR Article 6(1)(f), applying the ‘three part test’ and following guidance from the ICO, Sabisu has a ‘legitimate interest’ in storing employee email addresses for customers for the purposes of information security and in the ongoing provision of a commercial service; in the language of GDPR, this is ‘strictly necessary’.
GDPR Recital 47 also applies as the licensed end-user is a ‘relevant and appropriate relationship’.
Of course, the individual’s right to opt out of the platform or any communications underpins everything we do, ensuring Sabisu is compliant with the ‘balancing test’.
While separate from GDPR, Sabisu also complies with the Privacy and Electronic Communications Regulations (PECR), which have informed our approach to GDPR, noting:
- We only email users at corporate entities and always include an ‘opt out’ link.
- There are very limited privacy impacts on contacted individuals.
- Individuals would reasonably expect to receive updates which allow them to better maximise their return on investment in the platform, or to evaluate the platform.
- Individuals have, in the past, objected to consent procedures which disrupt their use and access to what can be a mission- and time-critical platform.
- There are no telephone contacts stored or used.
Sabisu subscribes to the UK ICO and has a nominated DPO (though this is not mandated).
Sabisu offers goods or services only to organisations in the EU rather than directly to end-users. There is no monitoring of behaviour within the platform.
Sabisu does not meet any of the EU GDPR definitions for processing sensitive personal data, hence ‘explicit’ consent is not required by Sabisu to process your data. Contracts with your employer ensure your privacy is respected and grant Sabisu unambiguous consent within strict limitations.
Any questions about privacy or GDPR compliance should be addressed to firstname.lastname@example.org