The General Data Protection Regulation (GDPR) has been in effect since 2018 and imposes strict requirements on the processing of personal data. The regulation was designed to better protect the privacy of European citizens and provides companies with clear guidelines on how to handle personal data carefully and securely.
Key Principles of the GDPR
The GDPR outlines several core principles that organizations must comply with when processing personal data:
- Lawfulness, fairness, and transparency Personal data must be processed in a lawful, fair, and transparent manner.
- Integrity and confidentiality - Data must be adequately protected against unauthorized access or loss.
- Data minimization - Only the data strictly necessary for the intended purpose may be collected and processed
- Purpose limitation - Data may only be used for specific, legitimate purposes.
- Storage limitation – Data may not be retained longer than necessary.
- Accuracy – Data must be correct and kept up to date.
How SpinOffice CRM Complies with the GDPR
At SpinOffice CRM, security and privacy are top priorities. We ensure that our software, internal processes, and team adhere to the highest standards to keep your data safe. Here’s how we do that:
1. Data Processing Agreement
Wanneer u gebruikmaakt van SpinOffice CRM, fungeert Mulberry Garden B.V. als verwerker van uw gegevens. Volgens de AVG is het verplicht om een verwerkersovereenkomst af te sluiten met externe partijen die persoonsgegevens verwerken. Wij bieden een Data Processing Agreement that outlines how we, as the processor, handle your personal data. You can request this document by contacting us. Once signed, we will provide you with a digital copy.
2. Two-Factor Authentication for Enhanced Security
To prevent unauthorized access to your data, we’ve implemented two-factor authentication (2FA) This provides extra protection against hackers. In addition to your username and password, a unique verification code is required, generated via an authenticator app on your phone. As a result, it becomes virtually impossible for malicious actors to access your SpinOffice CRM account — even if your login credentials are compromised.
3. Regular Penetration Testing
To continuously ensure the security of our software, we conduct regular penetration tests (pentests) performed by an external, specialized cybersecurity firm. These tests help us identify and address potential vulnerabilities within our platform.
Through pentesting, we are able to:
- Proactively identify risks and security flaws
- Continuously improve the security of SpinOffice CRM
- Meet the GDPR requirement for appropriate technical and organizational security measures
GDPR & SpinOffice – Frequently Asked Questions
How do you ensure the security of the CRM system?
We take adequate organizational and technological measures to ensure the security and confidentiality of your personal data.
We use Amazon Web Services (AWS) om de applicatieservers to hosten die nodig zijn om SpinOffice CRM kunnen draaien. Alle klantendatabases, e-mailberichten en bestanden worden veilig binnen AWS opgeslagen en beheerd. De twee AWS-datacenters die wij gebruiken zijn gevestigd binnen de EU, ons netwerk is een ‘private network’ waar niemand anders toegang toe heeft. Indien er zich een probleem voordoet binnen een van de twee datacenters, zal de ander alles overnemen en kunt u als gebruiker gewoon doorwerken.
Additionally, all Pro databases are encrypted with a unique company key and all files stored in SpinOffice are encrypted.
Where are the databases stored?
All customer databases, email messages, and files are securely hosted and managed through Amazon Web Services (AWS). The data center we use is located within the European Union.
How are backups managed?
A daily external backup is created automatically — without you having to do anything. This backup includes all messages, files, and contacts stored in your database.
In addition to a full database backup, file and document versions are continuously stored. You can view and restore previous versions of a file and see which user made specific changes. SpinOffice keeps snapshots of all changes made to files in your database over the past 5 days . After that, the document is moved to a backup server, where it is retained for the next 100 days.
For how long are deleted data retained in backups?
If a user deletes data from the database, we retain that data for 30 days. This allows us to restore mistakenly deleted information upon a customer's request within a reasonable period of time. After 30 days, all deleted data is automatically and permanently removed.
For email messages, deleted items are also retained for 90 days in the trash folder before being permanently removed. This allows users to recover emails that may have been deleted by mistake within that time frame.
How are data breaches reported?
As outlined in the Data Processing Agreement between the processor (SpinOffice) and the data controller (you as the customer), we notify the affected customer within 24 hours of discovering a data breach by sending an email to the designated contact person of the data controller.
SpinOffice will cooperate with the Data Controller to fulfill all legal obligations related to reporting the breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). We will assist in the investigation of the data breach and inform the Data Controller of the security measures that have already been implemented to limit the impact of the breach and to prevent a recurrence.
What settings are available in SpinOffice CRM to help organizations comply with the GDPR?
Please refer to the points listed above the Frequently Asked Questions. We will continue to keep you informed about the steps you can take to further improve compliance with this regulation. Complying with the GDPR is not only about having proper data processing agreements in place — it also requires attention to internal processes within your own organization.
Is SpinOffice CRM a cloud CRM?
Yes, SpinOffice is a cloud CRM, but a hosted solution. All data, files and messages in your database are stored on our highly secure servers within Europe. Only the application itself is installed on the local disk of your workstation.
Voor meer details over hoe wij de veiligheid van informatie en privacy waarborgen, verwijzen we u naar de geldende algemene voorwaarden van SpinOffice. Uiteraard kunt ook altijd Contact us met ons opnemen voor een persoonlijke toelichting op hoe we uw privacy en veiligheid waarborgen.
Subscribe to our newsletter
Stay up to date with our most important news, software updates and promotions.
Experience SpinOffice CRM without obligation
Wij maken graag tijd voor u vrij om samen te kijken hoe SpinOffice CRM uw bedrijfsprocessen kan verbeteren. Of u nu efficiënter wilt werken, klantgerichter wilt communiceren of gewoon meer overzicht wilt: we helpen u op weg.
SpinOffice CRM is beschikbaar voor slechts € 36,65 per gebruiker per maand.