Introduction

In May of 2018, the European Union (EU) will start enforcing a set of data privacy regulations called the General Data Protection Regulation (GDPR). GDPR establishes a stronger set of regulations for any company which gathers and/or processes personal data regarding EU residents. These regulations require that companies update and document data privacy rules, as well as implement processes pertaining to security, transfer, processing, and portability of said personal data. Visage Mobile has always maintained strict and transparent data privacy and security policies, and is in compliance with these new regulations.

Visage Mobile GDPR Compliance

Visage Mobile’s main product MobilityCentral is a multi-tenant software-as-a-service (SaaS) application, which is used by our enterprise customers for managing their own mobile device spend and usage. Our customers are companies, who provide us with the data related to mobile inventory, spend and usage, which we then import into our application.

Visage Mobile does not sell directly to consumers or individuals.

Our application was built from the ground up with security in mind, using multi-tenancy principles. These principles ensure the isolation of each customer’s data. This protects each customer’s data from unwanted access, and allows us to handle each customer’s data separately. Ensuring that every customer’s data is secure throughout its complete lifecycle has always been of paramount importance to us.

Visage Mobile does not generate any user-specific personal data. Visage Mobile simply processes the mobile device spend data which is provided to us by our customers, and presents it in our application for reporting, analytics and optimization.

As a SaaS company, Visage Mobile adheres to the stringent SOC2 principles, to further demonstrate our commitment to all of the processes required to secure our technical infrastructure and our customers’ data.

Identifying Personal Data

  • The personal information Visage Mobile uses in our application is given to us by our customers. It includes their employees’ names, mobile device phone numbers and billing information. Visage Mobile allows customers complete flexibility in terms of how much or how little user-related data is loaded into the application.
  • Visage Mobile tracks the personal data we receive from our customers throughout its lifecycle, and has multiple processes and safeguards in place at each stage to ensure that personal data is handled according to industry best practices and the GDPR guidelines.
  • All Visage Mobile email communications which have been initiated by personal interaction with the website – by requesting information about our product/services – include explicit “opt-in” capabilities. All non-person-to-person emails include prescribed “opt-out” capabilities.

Processing of Personal Data

  • All personal data is stored and processed in encrypted platforms that are secured using 2-factor authentication. All access to personal data is monitored and logged.

Visibility and Transparency

  • Visage Mobile will share with any of our customers the details on exactly how their data is handled, where it is stored, how it is transmitted, and how it is destroyed.

Data Integrity and Security

  • Visage Mobile’s core product, the MobilityCentral application, is designed to provide comprehensive customer data integrity and security. We have implemented layered access controls, secure authorization mechanisms, a multi-tenant database schema, encrypted data stores and transmission, and auditing of all data access.

Right to Rectification and Erasure

  • Upon request, Visage Mobile will rectify or erase the personal data for one or more of our customers’ employees whose mobile device information is in our application.

Right to Portability

  • Upon request, Visage Mobile will provide a customer, or one of their employees, a complete copy of whatever data we have which refers to them.

Sub-contractors and Transfers

  • Visage Mobile does not use sub-contractors or 3rd party vendors for handling customer data. All customer data is handled by Visage Mobile employees in the United States.
  • Customer data does not leave the United States. Our entire technical infrastructure is housed in the United States. Our application and supporting infrastructure are all hosted by Amazon AWS in West and East coast data centers.

Breach Identification and Notification

  • Visage Mobile has layered and redundant systems in place to detect customer data breaches.
  • Customers will be notified within 72 hours in the event of our discovering a data breach.

Employee Awareness and Process Updates

  • Visage Mobile is continually cultivating our employees’ awareness of security and data privacy-related processes. We believe that this is the only way that we can continue to secure our customers’ data and comply with the ever-evolving landscape of security and privacy-related mandates like GDPR.

Questions?

  • Please email us at dpo@visagemobile.com if you have any questions about our security or privacy policies or our GDPR compliance.