GDPR Compliance
Agillic offers this article to current and potential clients to help them stay GDPR compliant. As a data processing company, Agillic wants to ensure that our clients and their customers (i.e. consumers) understand Agillic’s practices in data processing and information privacy, as well as explain the options to access, transfer, restrict, correct, and delete data. The customers own their personal data, and the client manages and processes the data with the help of the Agillic platform. Learn how Agillic supports clients in being GDPR compliant.
Fundamental Rights
GDPR guarantees consumers basic fundamental rights concerning data privacy. Below we discuss how clients can work with Agillic in order to address consumers’ fundamental rights.
Right to Access
As the data owners, consumers have the right to access the personal data that is stored or processed about them. The consumers can access their personal data by contacting the client company and requesting access to the data. The client will then export all the consumer-specific data saved for the customer from both the Agillic and client systems.
Right to Have Data Transferred to Another System
If consumers wish to transfer data to another system, they simply need to request the transfer with the client. Based on the data transfer request, Agillic’s client will be able to set up an export flow in Agillic, allowing the consumer’s data to be filtered out after the data export.
Right to Request a Restriction of Data Processing for a Period of Time
Consumers have the right to request a restriction of the processing of their data. To ensure the consumer’s data will not be processed, the company will need to add the consumer to a group with restricted data processing for the given period of time.
Right to Information Correction
Depending on the source of the data, data correction can be done directly in the Agillic platform or on the client’s external systems. The data transfer process and the overwriting principles determine the system where the corrections should be made.
Right to Be Forgotten: Person Data Deletion
It is possible to delete consumer data, not only in Agillic, but also in many of the external systems connected to Agillic (e.g. CRM). This process simply requires the client to delete the user from the Agillic UI or use an API call. The client also will need to remember to delete the user from all external systems.
Please note that deletion will remove the consumer’s data from the current Agillic system, but not from the backups. The consumer data will be fully deleted from all Agillic backups no later than six months after the deletion date.
Right to Object Profiling
In GDPR-terms, profiling is any automated processing of personal data that aims to evaluate certain aspects about a person to analyse, for example, that person’s personal preferences, economic situation or behaviour. In Agillic, this means personalisation. Clients using personalised communication will need to consider what to do if a consumer objects to profiling.
Right to Object Data Processing
As data processing is defined as “any operation or set of operations which is performed on personal data or on sets of personal data”, objecting data processing would, in Agillic-terms, result in a full opt-out.

Agillic’s compliance with GDPR and information security is reviewed on an annual basis by Deloitte as an Independent auditor, and documented in a ISAE 3000 type 2 assurance report available to clients.
Want to know more?
Reach out to us if you would like to learn more about the benefits of strong data governance and security.