Overview of Openprise RevOps Automation Platform
The Openprise RevOps automation platform makes a customer’s CRM, MAP and EDW work together and fill in missing capabilities in a single platform. A RevOps automation platform offers three integrated automation capabilities that are missing in a typical RevTech stack:
- Automating data quality, data management and computation tasks
- Automating and orchestrating business process tasks
- Making data easier to use be enabling RevOps to create apps and APIs to enable end user and system interactions with data and process automation.
Openprise has established detailed policies and procedures illustrating its data flows and processing practices and we document any decision-making reasoning relating to personal data. This includes:
- Internal data protection policies, including details of:
- Categories of processing carried out per controller
- Applicable processing purposes
- Data sharing and data retention practices
- Security measures
- Staff training
- Annual internal audits of processing activities
The following paragraphs describe which personal data Openprise processes to deliver its services, the location of that data and how it is secured in accordance with privacy principles, laws and regulations.
1. Personal Data Processing
Openprise SaaS Security Management Platform
The table below lists the personal data used by Openprise to carry out its services and describes why Openprise processes such data.
Personal Data | Purpose of Processing |
Customer Account Data (Customer contact info for product users) | Creating an account – Data collected are for product enablement, product use notifications, training and support only
|
Customer CRM/Engagement Data (Names, email addresses, other contact information and other engagement data with PII within the Customer CRM systems that Customer explicitly grants access to Openprise in order to provide the Services) | Providing the service – Data used to provide the services.
|
Customer Support Data
Openprise may receive and process PII that is provided by an Openprise customer when they make a support request to Openprise (“Customer Support Data”). Openprise only processes this data to assist the customer in resolving the issue and to improve Openprise’s services and support function.
Outside of the necessary requester contact information, Openprise does not intentionally collect or process PII via a customer support request. Openprise instructs customers to provide the minimum amount of personal data necessary to adequately provide the support request. Nonetheless, a customer may provide unsolicited personal data in the request or supporting attachments.
Personal Data | Purpose of Processing |
Customer Support Data The below is representative though not exhaustive list of the information a customer may provide to Openprise in a support request that may contain PII: name, email address, phone number of employee making request, information regarding support issue, software and/or hardware configuration files provided to enable support request, error-tracking files)
| — Provide customer support — Review and improve the quality of support service — Improve Openprise Services
|
Customer Support Case Attachment The below is representative though not exhaustive list of the information a customer may provide to Openprise in a support request that may contain PII: device configuration, command line interface (i.e. show commands), product identification numbers, host names, IP addresses, operating system (OS) feature sets, OS software version, browser type and version | — Provide customer support — Review and improve the quality of support service — Improve Openprise Services
|
2. Cross Border Transfers
When a new customer purchases a subscription to Openprise services, that customer’s Customer Account Data is always created, processed, and stored in North America.
Openprise services are hosted on Amazon Web Services in the United States or Europe (at Customer’s discretion). For information regarding Amazon Web Services compliance/certification please refer to documentation online at https://aws.amazon.com/compliance/. Certifications and SOC reports are listed on this webpage.
For information regarding GDPR impacts to cross border data transfers, please see the section on GDPR.
3. Access Control
Personal Data | Who has Access | Purpose of Access |
Customer Account Data | Customers | Granting and managing access to their own account. |
Customer Account Data | Openprise Employees – Licensing Operations, Engineering Operations and Support staff only | Creating an account and validating license entitlements and general product support and operations |
Customer CRM/Engagement Data | Openprise Employees –Engineering Operations and Support staff only | Providing the services and general product support and operations
|
Customer Support Data | Customers | Submitting customer support requests |
Customer Support Data | Openprise Employees – Licensing Operations, Engineering Operations and Support staff only |
Providing customer support |
4. Data Retention
Customer Account Data
Customer Account Data is retained for as long as customer is an active customer of Openprise services. In the event that a customer terminates its subscription, Openprise will retain such Customer Account Data for up to 90 days after termination after which Openprise removes all stored contact information, including potential PII, from all instances of Openprise’s product and customer relationship management platforms. Openprise retains basic customer relationship management data information of a customer as necessary to ensure support of recurring issues and to comply with audit policies related to business records of services provided to customers.
Customer CRM/Engagement Data
Customer CRM/Engagement Data is retained for as long as customer is an active customer of Openprise services. In the event that a customer terminates its subscription, Openprise will retain such Customer CRM/Engagement Data for up to 90 days after termination after which Openprise removes all stored information, including potential PII, from all instances of Openprise’s product platforms.
Customer Support Data – Customer Support Data is retained for as long as the customer is an active Openprise Brand Protection customer. In the event a customer terminates their subscription, Openprise will retain Customer Support Data until the customer requests in writing that Openprise remove all Customer Support Data, including potential PII from Openprise systems and third-party customer support platforms. Openprise retains related support data as necessary to ensure support of recurring issues and to comply with audit policies related to business records of services provided to customers.
5. Personal Data Security
Openprise has governance measures in place and has built its processing practices around the principles of data protection by design and by default. This includes data minimization, pseudonymization (where possible), allowing end-users to monitor the processing, and enhanced and up-to-date security features, such as encryption, confidentiality, integrity, resilience of processing systems, and ability to restore personal data in a timely manner in the event of an incident. Openprise’s technical and organizational measures and risk mitigation plans are audited, tested, and re-evaluated on an annual basis to ensure the appropriateness of its systems, networks, and business practices on an ongoing basis. Openprise has disaster recovery procedures set up to restore personal data in case of any security incident.
Personal Data | Type of Encryption |
Customer contact info for product admins and users | Encrypted in transit and encrypted at rest. |
Customer CRM/Engagement Data | Encrypted in transit and encrypted at rest. |
Customer Support Data | Encrypted in transit and encrypted at rest. |
Openprise will notify its customers without undue delay after learning of a data breach, if required by law, and has mechanisms by which it can detect and report data breaches.
6. Third Party Service Providers
Openprise’s agreements with its sub-processors reflect the obligations and commitments it has and makes to its customers. Openprise conducts prior due diligence on sub-processors before contracting with them.
Openprise provides Customers access to the Openprise Data Marketplace where they can choose at their sole discretion to import data from third party partners into the Openprise Service to provide enhanced value. More information on the Openprise Data Marketplace is available at:
The below table lists Openprise’s third party sub-processors that may process Customer personal information from the Openprise services.
Subprocessor | Potential Customer Data Access | Processing Activity | Data Location | Security/Privacy Program Link |
Amazon Web Services | Any Customer Data provided to Openprise | Data Center for all Services | U.S. or EU | https://aws.amazon.com/compliance/ |
The below table lists Openprise’s third party sub-processors that may process the below Customer personal information in the course of communicating with Openprise but that is not processed via the Openprise services.
Subprocessor | Potential Customer Data Access | Processing Activity | Data Location | Security/Privacy Program Link |
Salesforce | Customer contact information | Sales Account Records | U.S. | https://trust.salesforce.com/en/ |
Adobe Marketo | Customer contact information | Marketing | U.S. | https://www.adobe.com/trust.html |
Customer contact information | Corporate Email | U.S. | https://workspace.google.com/security/ |
7. GDPR (General Data Protection Regulation)
Openprise’s relationship with controllers
In providing the Openprise services, Openprise only processes personal data upon the documented instructions of its customers. To that end, Openprise has template data processing agreements ready for use with its customers, which include the following provisions:
- Subject matter and duration of processing
- Nature and purpose of processing
- Type of personal data and category of data subject in question
- Obligations and rights of our customers (as data controllers).
Openprise imposes confidentiality obligations on its authorized personnel who process the personal data. Openprise has implemented measures to assist its customers in complying with data subjects’ rights and requests.
Data Transfers to countries outside the EEA
We share data both with our affiliated companies within the Openprise group and certain external third parties who are based outside the European Economic Area (“EEA”). Any such processing will involve an export of data outside of the EEA. We endeavor to ensure that people to whom we provide personal data hold it subject to appropriate safeguards and controls. Whenever we transfer our customers’ employees’ personal data out of the EEA to countries that have not been deemed to provide an adequate level of protection for personal data by the European Commission, we ensure a similar degree of protection is afforded to it by implementing the following safeguards:
- We use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe known as the Standard Contractual Clauses (SCC) or Model Contracts. For further details, see EU: Standard Contractual Clauses for data transfers between EU and non-EU countries.
For example, our cloud storage provider is Amazon Web Services and we have entered into GDPR-compliant data processing terms, which incorporate by reference Model Contractual Clauses.
Based on Openprise’s understanding of GDPR, in consultation with other large, multinational organizations doing business in the EU, data containing personal data as defined by GDPR, including email addresses of individuals, may lawfully be transferred and reside outside the EEA for the purposes of processing such data to legitimately protect their organizations from cyberattacks.
It is Openprise’s belief and assumption that it meets all current applicable data protection requirements as laid out by the GDPR for the purposes of cross border transfers of personal data.
For further information on Openprise’s data protection practices, please contact privacy@openprisetech.com.