Rungway GDPR Policy
This document outlines Rungway’s approach to GDPR compliance, and provides guidance for clients of Rungway with respect to any responsibilities they have regarding their use of Rungway and GDPR.
Rungway as a Data Processor
Rungway stores data on behalf of our clients, and as such they are considered the Data Controllers for that data. This data includes:
● Employee information such as name, email address, department, region, gender, age, and areas of expertise
● Questions, Answers, and Chats posted in the Rungway application
Rungway has reviewed and updated its contracts with its customers to ensure that they contain the provisions required by GDPR. We have also conducted reviews to ensure that we have procedures in place to ensure we comply with our Processor obligations under GDPR, such as security.
Rungway as a Data Controller
Rungway stores certain information on our clients and our users as a Data Controller. This data is held to ensure:
● Legal obligations around financial reporting and accountability can be met
● Clients can be serviced successfully
● Rungway’s services can be improved over time
● Rungway’s product can be marketed responsibly
Rungway has reviewed the lawful basis on which it processes the personal data as a Controller.
Rungway has reviewed its contracts with third parties who are contracted by Rungway as Data Processors (for example, analytics products) and hold client or user data, to ensure that they comply with the applicable provisions of GDPR. In line with Rungway’s Information Security Policy, no information which could compromise the anonymity of a user is ever shared with a third party. Rungway ensures all data stored is adequate, relevant, and limited to the stated purpose.
Rungway has implemented accountability and governance arrangements to ensure that we can demonstrate that we comply with GDPR.
Privacy by Design
Rungway ensures ongoing compliance with GDPR through thorough Privacy by Design processes. This means that a Data Subject’s privacy is considered at all stages in product design and development, and when considering processes for internal systems such as CRM.
Rungway takes data security very seriously and employs industry-standard techniques, including encryption and pseudonymisation, to protect the data we hold.
Rungway has reviewed its internal policies so that it is able to meet data breach notification requirements of GDPR.
Data Subject Rights
Rungway are prepared to respond to Data Subject’s requests to exercise rights under GDPR and is putting in place policies in place to support compliance with these requests. Where applicable, we will inform our client should we receive a request for erasure from one of their Rungway users.