Gislen Software Private Limited is located outside the European Union.  However, we work mostly with clients in the European Union, in some cases, this is done via one of our wholly-owned subsidiaries located in the European Union. GDPR, therefore, applies to us as to how we handle personal data about European subjects and we are fully committed to achieving full compliance.

We have identified the areas in which GDPR affects our work:

  • Our website, which stores visitor personal information and provides forms for visitors to use to contact us or comment on posts. We also use service providers to support the site which, according to GDPR, act as processors for analysing visitor data.
  • In our back-office systems in India where we store data about client contacts in emails, in documents and other ways.
  • We are processors for our European clients who handle personal data of European subjects. Mostly this is done remotely from our office and the data itself remains on European servers.  In most cases, our role is to support the systems and not process personal data.  But, to support the systems, we will in many cases have access to the data itself.  We will sign processor agreements with relevant clients based on the Standard Clauses provided by the Commission.

The right to privacy of our clients, their employees and customers are our priority.   We intend to achieve full GDPR compliance and ensure that individual privacy is maintained in every way.

What is GDPR?

GDPR stands for the General Data Protection Act, legislation which provides comprehensive pan-European data protection.  GDPR was introduced in the European Union and the European Economic Area (EU/EEA) in May 2018 replacing the 1995 Data Protection Directive.  GDPR regulates authorities and organisations as to how they are allowed to process data (called ‘personal data’) about individuals in the EU (called ‘data subjects’) including collecting, storing, transferring or use.

GDPR gives individuals free of charge rights to control their data.  Individuals have the right to know what data an organisation stores about them and to request a correction, deletion or even transfer to another organisation when that is applicable.  GDPR requires organisations to report breaches within 72 hours of discovery.  The regulatory bodies in each country are getting significantly more ability to enforce compliance and impose high fines for non-compliance and breaches.

For more information about the GDPR please read the official web page.

Gislen Software GDPR compliance and information

We have a few pages on our website describing our roadmap to GDPR Compliance and further information about GDPR.

GDPR Compliance

For compliance with GDPR, we need to ensure that we are transparent on in which way our website handles private data about EU subjects. Detailed information about this is found in our Privacy Policy

Information about how this website handles information about visitors:

  • When a user accesses our website we ask permission to set cookies.
  • We use cookies set by WordPress, Google Analytics, HubSpot, HotJar and CloudFlare and we may from time to time use other tools to improve the content of our website, user experiences or SEO ranking. However, we never analyse individual user data.
  • With respect to Ad Servers: We do not partner with or have special relationships with any ad server companies.
  • We do use forms where visitors can enter information. In these cases, we inform the user what we will do with the data and ask for permission before the data can be sent.

In the next section we include as far as we know a complete list of cookies, technologies and processing partners which may in any way be involved in processing your personal information which either may be stored on our website, in the processing partners system or be transferred to our servers in India. Note that we don’t set cookies for all of the below-mentioned technologies. However, since we do use them in one way or another and since they may collect personal data about you, we mention them here. If you want to contact us without any risk of any information about you being stored in our website or reaching any of our partners below, we recommend that you make a direct phone call to +91-2262 7541 during Indian office hours. Please note that just because we list certain companies and technologies below it does not mean that we use them at any given time.

If you feel that this site is not following its stated information policy, you may contact us using any of the channels mentioned on our contact page.

What if any of the plugins or providers are not compliant?

In case we find or get to know that any of the plugins or technology partners we use is not GDPR compliant we will as fast as we can remove them and request them to remove any data they may have collected.

Cookies and technology partners we use

Details on technologies, partners and cookies

The following section lists the technologies, partners and cookies used to create a good browsing experience, help us to evaluate how our visitors use our site and how we collect personal data and use it.

WordPress

This is a site built using WordPress. WordPress is a basic website tool but it also includes various plugins. Some of these plugins collect data themselves. We do use JetPack for Analytics. Jetpack and WordPress are working with GDPR compliance. For more information see WordPress privacy policy and JetPack’s. A guide for how to make a WordPress site compliant is found here.

A WordPress website collects personal information through the following means:

  • user registrations,
  • comments,
  • contact form entries,
  • analytics and traffic log solutions,
  • any other logging tools and plugins,
  • security tools and plugins.

WordPress will set a session cookie called PHPSESSID. This cookie is only used inside a session and is therefore allowed as per GDPR.

Here are some other WordPress plugins we use which do collect data and we describe how we are working to be GDPR compliant.

Contact Form 7

Visitors can fill in a few forms on our page. The information is sent to our official email system via email and routed to the right person. The information is also stored in a table on the website. We have added a checkbox where you have to accept our terms and conditions before you can provide any information.

Very Simple Contact Form

We use this form to collect certain feedback. We have provided a GDPR compliance checkbox where you have to accept the terms before you can post anything.

Cloud Flare

We use Cloud Flare as our CDN (Content Delivery Network), which helps in improving the performance of distribution the content across the globe. Cloud Flare also provides some analytics and protects against DoS attacks. Cloud Flare has clearly stated on their GDPR page that they will be fully compliant when GDPR comes into effect on May 25, 2018. We have signed a GDPR processing addendum (DPA) with Cloud Flare.

The __cfduid cookie is set by our Content Delivery Network (Cloudflare) and is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. For example, if a certain laptop is used in a local area network where there are laptops infected with viruses, but the specific person’s laptop is trusted (e.g. because they’ve completed a challenge (within your Challenge Passage period), the cookie allows Cloudflare to identify that client and not challenge them again. It does not correspond to any user ID  and does store any personally identifiable information.

Because Cloudflare uses this cookie to identify both HTTP and HTTPS requests from known clients, we do not set the “secure” flag on it. This is not a risk, however: as mentioned above the cookie does not contain sensitive data.

It is not possible to block the Cloudflare cookie at the moment. A Content Delivery Network ensures good performance of websites across the globe.

Facebook

We use Facebook to keep in touch with clients, employees, potential recruits, friends and prospects to engage with our community. We post on Facebook, and occasionally, we give links to our webpage in such posts. In this website, we also use Facebook cookies to track and analyse our user’s behaviour. Facebook explains what they do with cookies here. Facebook’s cookie policy is found here. Facebook’s GDPR compliance statement is found here.

Google Analytics

We use Google Analytics to understand what kind of visitors have, where they come from and how they navigate on our site. Google uses the following cookies: _ga Google provides a general processor agreement to cover GDPR compliance. Google is providing a general processor agreement to cover GDPR compliance.

Hubspot

To show a pop-up form when visitors look at our page and to assist us in marketing, we use Hubspot. Hubspot may also capture all the information you entered in the form on the site. For detailed information about HubSpot’s policies, please visit their GDPR compliance page.

HotJar

At times, we use Hotjar to find out how users use our website, for example, via heat maps. This helps us to see where users click and how they scroll or navigate inside the page. The purpose for us is to improve the user experience on our webpage. This is a cookie we may use. We have signed a GDPR processing addendum (DPA) with HotJar.

Check their Cookie page for more information on what cookies Hotjar may use. Hotjar has a GDPR-compliance page.

Twitter

We do use Twitter at times. Twitter lists their GDPR compliance on their page.

Deleting Information

According to the GDPR, unless we are required by law to retain any such data, you have the right to request the removal of any data we store about you. Please note that to delete any data stored about you by Google Analytics, HubSpot, Twitter or Facebook, you may need to approach them directly (by clicking on the button below, we will delete the cookie, which should satisfy the requirements of the GDPR).

To block intrusion attempts, we store IP addresses when users try to log in with the wrong credentials. These IP addresses will not be removed since the storage of these is based on legitimate interest and not on consent.

Request personal data

If you want to know what data we have stored about you, request a change or request for deletion of data. Please fill in the form below:

    GDPR-Request

    Please note that GDPR demands that we store the request for deletion, while all other data would be deleted or anonymised.