Data deletion request procedure
When a customer requests Maze to delete personal data, we first verify the identity of the customer requesting the data deletion. We then ask for the reason behind the data deletion, whether it falls under Article 17(1) of GDPR or not, and any additional information or documentation to support the request. We then ask the customer to describe the data that they wish to have deleted, to help us identify the data. The next step is to check whether we are required to comply with the request, or if we can take the defence under Article 17(3) and Recital 65 of the GDPR. If we have valid ground to refuse to comply with the request, we communicate to the concerned customer without undue delay the valid, specific reasons of the refusal. If there is no valid ground to refuse the request, we inform the internal team to mark all the customer’s personal data and assess what the implication of the data deletion would be. We immediately communicate with all third parties, processors and subprocessors to delete all personal data shared by us of the customer. We make sure we have all the data requested by the customer. If we don’t have the requested data, we inform the customer that the requested data was not collected. An internal log of the actions taken is maintained for each data deletion request. Lastly, we start the process of deleting the requested data and we inform the subject as we move forward.
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack App Directory, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.