GDPR Compliance

A statement on how general users data is protected (GDPR) and used internally and for marketing purpose.


Last Updated: January 30, 2020

General Data Protection Regulation (GDPR)

GDPR Compiant Badge

We’re committed to protecting your data and respecting your privacy. The General Data Protection Regulation (GDPR), a new regulation designed to protect the individual privacy rights of EU residents, came into effect on May 25, 2018, and we want to share what we’re doing to become GDPR-ready. Personal data is any piece of data that, used alone or with other data, could identify a person.

What is GDPR?

The General Data Protection Regulation (GDPR) is a set of security principles and protocols laid by the European Union to protect the data interests of European Citizens. GDPR aims to ensure that corporations inside or outside the European Union become more transparent about how they collect, handle and process personal user data of European Citizens. The primary goal of GDPR compliance is to eliminate security gaps when it comes to collecting data from the users and allow total data control back to the users.

  • When the GDPR comes into effect, most organizations that collect, maintain, or process EU residents’ personal data (regardless of the organization’s global location) will be required to implement certain procedures and safeguards for that data.
All About Data

GDPR includes firm definitions for data controllers and data processors. When considering your privacy at PHPKB, we must consider the fact that we operate under both conditions at different times.

A data controller collects personal data, which is defined very broadly and includes information such as a name or an email address. At PHPKB, we are data controllers when it comes to our users account information.

But it turns out that you, our users, are also data controllers! Every time you collect personal data in the form of a comment, subscriber, etc., you become a data controller, and we become the data processors.

Data processors process personal data on behalf of the data controller. For example, you may enter your users’ email address in our system so that you can invite them to read a knowledge base article. We do not control that data - you do. But we do process that data through our system as a convenience to you.

To accommodate the fact that we are both data controllers and processors, we have been working hard toward GDPR requirements.

Our Commitment to GDPR

Chadha Software Technologies, the provider of PHPKB software stands ready to assist our customers to remain compliant with GDPR. We only collect and store information that is necessary to offer our service, and we do this with the consent of our customers. Adding to this, our approach towards privacy, security, and data protection align with the goals of GDPR. Along with a highly secure and robust system architecture, we have a variety of security measures in place to prevent unauthorized access and processing of personal data. We promise to safeguard customer data.

Our GDPR Readiness

We’ve implemented several technical and organizational safeguards designed to protect the security and integrity of your personal data and any data you control in your account.

  • Create and sustain awareness within the company regarding the Privacy by Default and Privacy by Design principles that need to be kept in mind for ongoing development – Done
  • Bring together the product, marketing, compliance, and security team to oversee PHPKB's GDPR compliance initiatives – Done
  • Analyze all the areas of the product that GDPR would influence – Done
  • Create a data retention policy and have an automated process in place to adhere to the same – Done
  • Update the privacy policy in accordance with GDPR and communicate the changes made to our customers – Done
  • Reach out to all our third-party vendors to make sure they are GDPR ready – Done

PHPKB as a Data Controller

PHPKB recognizes its responsibilities as a data controller towards its customers. Detailed out below are all the steps we are taking towards fulfilling all legal obligations under GDPR, as a data controller.

Data Categorization and Analysis
  1. We have carried out a detailed data mapping exercise to track the flow of personal data through our systems.
  2. We have established and are maintaining a clean data repository that is constantly updated. This gives us control over the data flowing through our systems, with clear processes for handling, securing, and storing this data.
Data Retention

We store personal data with industry standard encryption techniques for as long as we find it necessary to fulfil the purpose for which the personal data was collected, while also considering our need to answer your queries or resolve possible problems, to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes. This means that we may retain your personal data for a reasonable period after your last interaction with us. When the personal data that we have collected is no longer required, we will delete it in a secure manner.

Consent Mechanism
  1. We will actively start collecting consent from our customers from May 25th, wherever it’s applicable—especially in the case of any marketing communication sent to them.
  2. To give our customers the option to withdraw their consent at any given time, an easy process is being placed for our customers to provide consent during sign up. We want our customers to have complete control over whether they want to receive any communication from us. Please write to to revoke your consent.
Feature Development and GDPR Principles

We have an active process in place that will guarantee all our features meet the standards of GDPR. Our product and engineering teams will consider Privacy by Design and Privacy by Default while designing features and pushing them to production.

Personal Data Collected

The table below provides a summary of how we use, retain and share the categories of personal data which the Company processes, and related information.

Personal data How and why we use personal data Who we share the personal data with Lawful basis for processing the personal data
Contact information, such as title, name, title, email address and phone number To send you materials you request like whitepapers, details of our events and webinars and to send you other marketing materials by email. If you choose to set up an account, we use your contact information to provide you support for our products. With our marketing campaign providers’ webinar software providers, email platforms, and selective re-sellers or business partners. Our legitimate interests in promoting our business and assessing the success of our promotional activities
Information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, Internet service provider (ISP), operating system, date/time stamp, and clickstream data and the actions you take on the Company’s Web sites (such as the web pages viewed and the links clicked) We use this information for what is usually called analytics — essentially to understand how visitors move around our Web sites, what content is popular and what is not – and to provide more personalized information about us. Usage data is collected on our behalf and analyzed by third party analytics providers and marketing campaigners. Our legitimate interests in monitoring and improving our Websites
Contact information, such as name, company name, title, email address, mailing address and phone number. Billing information, such as billing name and address, credit card number, and the number of users or systems within the organization that will be using Software and Services. To onboard a new client for invoicing and payment, to renew licenses and to provide product support to our customers who request via email or ticketing software. With our payment processing provider. Customer support team based out of India process personal information Use is necessary for our legitimate interests in providing our Software and Services on a commercial basis and to provide product support to our customers
Processing Data Outside of European Economic Area (EEA)

We may store, process and/or transfer personal data to countries outside of the EEA (including countries where the European Commission has not decided of an adequate level of protection of personal data), especially to India. Personal data can also be processed by staff operating outside the EEA who work for the Company. Such staff maybe engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this data processing arrangement.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with our privacy policy. If you do not agree to this procedure you should not use our Software and Services. By using Software and Services, you consent to us transferring your information to countries outside your own and the EEA, if necessary, for the business purposes as outlined above.

If you have any questions, please don't hesitate to contact us.

Get It Now

Whether you are looking for an in-house solution OR a cloud-hosted knowledge management tool, PHPKB knowledge base software offers enterprise-class features with pricing that can fit a small business budget.

Purchase Now
Trusted by successful businesses around the globe

Some of the world's best companies proudly use PHPKB knowledge management software.


Try it yourself 30 days free

Get a fully functional 30-day free trial.
Our knowledge base software is easy to use and backed by awesome support.

Get Started