Security and privacy

  What about security and privacy?

We take privacy and data integrity very seriously, so we explicitly define our information policy for the data that the Round Robin app:

  • gets from your Zendesk account,
  • stores and uses internally,
  • modifies and creates in your Zendesk account.

Information Round Robin gets from your Zendesk account:

  • Agent list, which includes: agent id, name, email, phone, link to photo, notes, details and other attributes. The full attribute list is available here.
  • View list, which includes: view id, title, filter conditions, sort conditions and other attributes. The full attribute list is available here.
  • Ticket list, which includes: ticket id, subject, description, tags, customer name, email, phone, and other attributes. The full attribute list is available here.

Most of this data is not used by the app, but we have to receive it because the Zendesk API returns it. The data actually stored and used by the app is listed below; the rest is removed immediately upon receipt.

The Round Robin app stores and uses:

  • View identifiers and names. They are stored for the duration of your account.
  • Agent identifiers and names. They are stored for the duration of your account.
  • Ticket identifiers, ticket tags, and identifiers of the agents that tickets are assigned to. These are stored in the Round Robin log for 10 days before being deleted.

The rest of the data returned by the Zendesk API is erased immediately after the interaction ends.

Round Robin modifies and creates in your Zendesk account:

  • Round Robin modifies the Assignee ticket field.
  • Round Robin can add a private or public comment to the ticket if the corresponding option is configured for your queues or if you are using the Out of office functionality.

In future versions we plan to add to this list: the Groups list (id, name) and agents' memberships in the groups.

How does Round Robin interact with my Zendesk account?

Round Robin uses the Zendesk API to interact with your Zendesk account:

To get the agent list, the /api/v2/users.json?role[]=admin&role[]=agent endpoint is used. Click here to learn more.
To get the view list, the /api/v2/views.json endpoint is used. Click here to learn more.
To get the tickets to assign, the /api/v2/views/{id}/tickets.json endpoint is used. Click here to learn more.
To assign tickets to agents and add comments, the /api/v2/tickets/{id}.json endpoint is used. Click here to learn more.

Where does Round Robin process and store the data?

Round Robin runs and stores its data on Google Cloud Platform. Google Cloud Platform provides enterprise-level reliability and security for the app.

Is Round Robin HIPAA certified?

No.

Is Round Robin compliant with EU General Data Protection Regulation (GDPR)?

No.

How can I use Round Robin if my company needs to be compliant with EU GDPR, HIPAA or other personal data protection regulations?

Use Round Robin with the Data protection proxy (DPP). The Data protection proxy is a small middleware that hides personal data in Zendesk API responses, like this:

Before proxy:

{
  "id":              35436,
  "url":              "https://company.zendesk.com/api/v2/tickets/35436.json",
  "external_id":      "ahg35h3jh",
  "created_at":      "2009-07-20T22:55:29Z",
  "updated_at":      "2011-05-05T10:38:52Z",
  "type":            "incident",
  "subject":          "Personal information",
  "raw_subject":      "Personal information",
  "description":      "Personal information",
  "priority":        "high",
  "status":          "open",
  "recipient":        "Personal information",
  "requester_id":    20978392,
  "submitter_id":    76872,
  "assignee_id":      235323,

After proxy:

{
  "id":              35436,
  "url":              "https://company.zendesk.com/api/v2/tickets/35436.json",
  "external_id":      "ahg35h3jh",
  "created_at":      "2009-07-20T22:55:29Z",
  "updated_at":      "2011-05-05T10:38:52Z",
  "type":            "incident",
  "subject":          "*secured*",
  "raw_subject":      "*secured*",
  "description":      "*secured*",
  "priority":        "high",
  "status":          "open",
  "recipient":        "*secured*",
  "requester_id":    20978392,
  "submitter_id":    76872,
  "assignee_id":      235323,

Thus Round Robin, or any other third-party data processor, has no access to sensitive information at all. No access - no problems.
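The masking shown above can be sketched as a deny-by-default filter. This is an added example, not the Data protection proxy's own code: the allow-lists, the function names and the response envelope keys ("ticket", "tickets", paging keys) are assumptions, and the sample input is constructed from the "Before proxy" excerpt.

```python
import json

MASK = "*secured*"  # placeholder value used in the page's "After proxy" sample

# Assumption: the fields a ticket-routing processor needs. Everything else is masked.
TICKET_ALLOW = frozenset({
    "id", "url", "external_id", "created_at", "updated_at", "type", "priority",
    "status", "requester_id", "submitter_id", "assignee_id", "tags",
})
# Assumption: envelope keys of a list response that carry no personal data.
ENVELOPE_ALLOW = frozenset({"next_page", "previous_page", "count"})


def redact_ticket(ticket):
    """Copy one ticket object, masking every field that is not allow-listed."""
    if not isinstance(ticket, dict):
        raise ValueError("ticket is not a JSON object")
    return {
        key: value if key in TICKET_ALLOW or value is None else MASK
        for key, value in ticket.items()
    }


def redact_response(body):
    """Redact an upstream JSON body; raise instead of forwarding anything unexpected."""
    doc = json.loads(body)  # json.JSONDecodeError is a ValueError subclass
    if not isinstance(doc, dict):
        raise ValueError("unexpected top-level JSON type")
    out = {}
    for key, value in doc.items():
        if key == "ticket":
            out[key] = redact_ticket(value)
        elif key == "tickets" and isinstance(value, list):
            out[key] = [redact_ticket(t) for t in value]
        elif key in ENVELOPE_ALLOW:
            out[key] = value
        # any other top-level key is dropped, not forwarded
    return json.dumps(out).encode("utf-8")


# Constructed sample based on the "Before proxy" excerpt on this page.
SAMPLE = json.dumps({"ticket": {
    "id": 35436, "type": "incident", "subject": "Personal information",
    "description": "Personal information", "recipient": "Personal information",
    "priority": "high", "status": "open", "assignee_id": 235323,
}}).encode("utf-8")

if __name__ == "__main__":
    print(redact_response(SAMPLE).decode("utf-8"))
```

Because the filter is an allow-list, a field that the API adds later is masked until someone decides the processor needs it, and a body that cannot be parsed raises an error rather than passing through unfiltered.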

If you are interested in the Data protection proxy, please contact our customer support at support@roundrobin.zendesk.com.

 

How can the Data protection proxy help my company be compliant with the EU GDPR?

When you give a subcontractor (a processor in GDPR terms, e.g. Round Robin) access to your Zendesk account data via the Zendesk API, you actually have only two options: "access to all data" or "no access".

If a processor has access to a ticket, it also has access to the ticket description, customer name, email, and phone: almost the full set of the customer's personal data. Do processors need all this data to do their work? As a rule, no. So it turns out you share personal data with third-party data processors even when it isn't necessary.

This doesn't look great from a GDPR point of view, since it could be taken as a violation of the "Data minimization" Art 5(1)(c) and "Data protection by design" Art 25 principles.

The Data protection proxy, which is fully managed by your security officer, solves the issue.

As a result:

  • Above all, it dramatically reduces the risk of personal data breaches. No access - no breaches.
  • It allows you to fully implement the "Data minimization" Art 5(1)(c) and "Data protection by design" Art 25 GDPR principles.
  • It reduces the work of checking your subcontractors' GDPR compliance, since you can share personal data not with all your processors but only with the ones that really need it.

If you are interested in the Data protection proxy, please contact our customer support at support@roundrobin.zendesk.com.

 

 

 


