GDPR Compliance

This Statement of GDPR Compliance was last updated on April 19, 2018.

Background & Compliance Statement

The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.

At Sudo Technologies, Inc. ("IntroLogic", "us", "we"), we don’t see GDPR as just a legal obligation or another compliance box to tick. We are in full compliance with the applicable GDPR regulations as a data processor, and we’re excited to help our customers understand how we are approaching the privacy and security of their information.

Importantly, IntroLogic never sends unsolicited emails to ANY of your contacts, nor does it allow any other user to send unsolicited email to your contacts.

Any and all questions about this policy may be directed to our Data Privacy Officer at bhupesh@intrologic.com.

Privacy Rights

GDPR is a legal framework that enforces common sense data privacy protections that we all want. Below is how we address the most important of these rights:

  • Informed Consent: Whenever we request personal data from our users, we explain exactly why we require that data. Currently we ask for the following data from our users:
    • Access to your email metadata. Specifically this includes the “Headers” of your emails, but NOT the content of your email nor any attachments. With this information we can only see who you are emailing, when you email, and the subject of those emails. This data is never shared with anyone and is only used to build a graph of your connections and classify the “strength” of your relationships.
    • Access to your LinkedIn data. LinkedIn allows you to export your connections and profile, and when you upload that data into our system, we use it to build a graph of your connections.
    • Access to CRM data. This allows us to make recommendations to your sales team about which introductions they should request. This data is NEVER shared with any 3rd party.
  • Erasure: IntroLogic stores information about people (e.g., their name, contact info, and employment information) and their relationship with other people. Any person (user or otherwise) may request that all the data about them in the system be erased permanently from the system. When a customer requests to delete all the data provided to us we delete all the data sources they have provided us, as well as all derived data from those sources.
  • Restriction of Processing: Any user of IntroLogic may request to restrict processing of their data at any time. Once requested, IntroLogic will (a) make that person’s information invisible to other users, and (b) stop processing all information provided by that user (e.g., email contacts).
  • Data portability: Any user or customer organization may request to export their data (but not the data of affiliated organizations) at any time. This will include the data about your contacts, the information about the relationship with those contacts, and the full history of all actions taken in the IntroLogic application with respect to those contacts.
  • Rectification: Any person may request to alter the data about themselves in IntroLogic as long as they verify their identity.
  • Access: Users may request an export of all the information we have about them, as well as all the information we have collected from them. This will be provided within five business days of receipt of the request.

To request support for any of the above, please email support@intrologic.com.

Data Processing

In addition to the privacy requirements, GDPR also regulates how we process our customer’s information. Below is how we address the most important of these requirements:

  • Onward Transfer: In all cases where we transfer personal information to a 3rd party, we ensure that we have GDPR-compliant Data Processor Agreement in place with those third parties prior to transferring any customer data to them.
  • Data Security: For more information about how we protect the security of our customer data, as well as our practices regarding notifications of breaches, please see our Data and Security Policy.
  • Access: Users may request an export of all the information we have about them, as well as all the information we have collected from them. This will be provided within five business days of receipt of the request.

What's Next?

At IntroLogic, we strive to deliver an incredible customer experience. We will continue to make additional required operational changes resulting from the new legislation, and will keep our clients, partners and regulatory authorities informed throughout this process. We are also in the process of pursuing privacy shield compliance and expect to complete that process in May 2018.