What about security and privacy?
We take privacy and data integrity very seriously, so we explicitly define our policy for the data that the Round Robin app:
- gets from your Zendesk account,
- stores and uses,
- modifies and creates in your Zendesk account.
Information Round Robin gets from your Zendesk account:
- Agent list, which includes: agent id, name, email, phone, link to a photo, notes, details, and other attributes. The full attribute list is available here.
- View list, which includes: view id, title, filter conditions, sort conditions, and other attributes. The full attribute list is available here.
- Ticket list, which includes: ticket id, subject, description, tags, customer name, email, phone, and other attributes. The full attribute list is available here.
- Zendesk account settings. The full attribute list is available here.
A major part of this data is not used by the app, but we are forced to receive it because the Zendesk API returns it. The data that is actually stored and used by the app is listed below; the rest is removed immediately upon receipt.
The Round Robin app stores and uses:
- View identifiers, names and conditions. They are stored for the duration of your account.
- Agent identifiers and names. They are stored for the duration of your account.
- Ticket identifiers, ticket tags, and identifiers of the agents that tickets are assigned to. These are stored in the Round Robin log for 10 days before being deleted.
- Zendesk account settings. They are stored for the duration of your account.
The rest of the data returned by the Zendesk API is erased immediately after the interaction ends.
Round Robin modifies and creates in your Zendesk account:
- Round Robin modifies the Assignee ticket field.
- Round Robin can add a private or public comment to the ticket if the corresponding option is configured for your queues or if you are using the Out of office functionality.
In future versions, we plan to add to this list: the group list (id, name) and agents' memberships in the groups.
How does Round Robin interact with my Zendesk account?
Round Robin uses the Zendesk API to interact with your Zendesk account:
- To get the agent list, the /api/v2/users.json?role[]=admin&role[]=agent endpoint is used. Click here to learn more.
- To get the view list, the /api/v2/views.json endpoint is used. Click here to learn more.
- To get Zendesk account settings, the /api/v2/account/settings.json endpoint is used. Click here to learn more.
- To get tickets for assigning, the /api/v2/views/{id}/tickets.json endpoint is used. Click here to learn more.
- To assign tickets to agents and add comments, the /api/v2/tickets/{id}.json endpoint is used. Click here to learn more.
Where does Round Robin process and store the data?
Round Robin runs on, and stores its data in, Google Cloud Platform. Google Cloud Platform provides enterprise-level reliability and security for the app.
Is Round Robin HIPAA certified?
No.
Is Round Robin compliant with EU General Data Protection Regulation (GDPR)?
No.
How can I use Round Robin if my company needs to be compliant with EU GDPR, HIPAA, or other personal data protection regulations?
Use Round Robin with the Data protection proxy (DPP). The Data protection proxy is a small middleware that hides personal data in Zendesk API responses like this:
| Before proxy | After proxy |
| --- | --- |
| `{ "id": 35436, "url": "https://company.zendesk.com/api/v2/tickets/35436.json", "external_id": "ahg35h3jh", "created_at": "2009-07-20T22:55:29Z", "updated_at": "2011-05-05T10:38:52Z", "type": "incident", "subject": "Personal information", "raw_subject": "Personal information", "description": "Personal information", "priority": "high", "status": "open", "recipient": "Personal information", "requester_id": 20978392, "submitter_id": 76872, "assignee_id": 235323,` | `{ "id": 35436, "url": "https://company.zendesk.com/api/v2/tickets/35436.json", "external_id": "ahg35h3jh", "created_at": "2009-07-20T22:55:29Z", "updated_at": "2011-05-05T10:38:52Z", "type": "incident", "subject": "*secured*", "raw_subject": "*secured*", "description": "*secured*", "priority": "high", "status": "open", "recipient": "*secured*", "requester_id": 20978392, "submitter_id": 76872, "assignee_id": 235323,` |
Thus, Round Robin or any other third-party data processor has no access to sensitive information at all. No access - no problems.
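As an added illustration (not the Data protection proxy's own code), the Python below shows one way a masking middleware of this kind could redact a Zendesk API response before forwarding it: it fails closed, so any string outside an allowlist of keys is replaced with the `*secured*` placeholder. The allowlist contents, the function names and the `hypothetical_new_field` key are assumptions made for the example.

```python
import json

MASK = "*secured*"  # placeholder value from the page's "After proxy" column

# Assumed allowlist: keys the page's sample leaves unchanged, plus tags
# (which the page says the app uses) and Zendesk's pagination link keys.
PASS_THROUGH = {
    "id", "url", "external_id", "created_at", "updated_at", "type",
    "priority", "status", "requester_id", "submitter_id", "assignee_id",
    "tags", "next_page", "previous_page",
}


def redact(value, allowed=False):
    """Mask every string that is not under an allowlisted key (fail closed)."""
    if isinstance(value, dict):
        return {k: redact(v, k in PASS_THROUGH) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v, allowed) for v in value]
    if isinstance(value, str):
        return value if allowed else MASK
    return value  # numbers, booleans and null pass through unchanged


def redact_response(body):
    """Redact a JSON API response body and return it re-serialized."""
    return json.dumps(redact(json.loads(body)))


# Constructed sample modelled on the page's "Before proxy" ticket.
SAMPLE = json.dumps({
    "tickets": [{
        "id": 35436,
        "url": "https://company.zendesk.com/api/v2/tickets/35436.json",
        "status": "open",
        "subject": "Personal information",
        "description": "Personal information",
        "recipient": "Personal information",
        "assignee_id": 235323,
        "tags": ["vip"],
        "hypothetical_new_field": "Personal information",
    }],
    "next_page": None,
})

if __name__ == "__main__":
    print(json.dumps(json.loads(redact_response(SAMPLE)), indent=2))
```

Because the default is to mask, a field added to the API later stays hidden until someone deliberately allowlists it; numeric values pass through, so a field that carries personal data as a number would need explicit handling.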
If you are interested in the Data protection proxy, please contact our customer support at support@roundrobin.zendesk.com.
How can the Data protection proxy help my company be compliant with the EU GDPR?
When you give a subcontractor (a processor in GDPR terms, e.g. Round Robin) access to your Zendesk account data via the Zendesk API, you actually have only two options: "access to all data" or "no access".
If a processor has access to a ticket, it also has access to the ticket description, customer name, email, and phone: almost the full set of the customer's personal data. Do processors need all this data to do their work? Not as a rule. So it turns out that you share personal data with third-party data processors even when it is not necessary.
This doesn't look great from a GDPR point of view, since it could be taken as a violation of the "Data minimization" (Art 5(1)(c)) and "Data protection by design" (Art 25) principles.
The Data protection proxy solves this issue and is fully managed by your security officer.
As a result:
- Above all, it dramatically reduces the risk of personal data breaches. No access - no breaches.
- It allows the "Data minimization" (Art 5(1)(c)) and "Data protection by design" (Art 25) GDPR principles to be fully implemented.
- It reduces the work of checking subcontractors' GDPR compliance, since you can share personal data only with the processors that really need it rather than with all of them.
If you are interested in the Data protection proxy, please contact our customer support at support@roundrobin.zendesk.com.
How can I use Round Robin with a Data protection proxy?
Click here to learn more.