Baselime

This app is not approved by Slack. Learn more.

Baselime's observability solution combines logs, metrics, and distributed traces to give you full visibility across your microservices at scale.This Slack integration enables you to:- Receive real-time alerts for every error in your application
- Receive alerts via Slack on your application status
- Manage your observability and investigate incidents right into Slack.

Permissions

Baselime will be able to view:

Baselime will be able to do:

Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.

General

Privacy & data governance

Data retention policy

This Privacy Notice relates to your use of our website, see https://baselime.io/ and support channels, such as our open Slack channel, and our platform. Throughout our website we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you. These other third-party websites may also gather information about you in accordance with their own separate privacy notices. For privacy information relating to these other third-party websites, please consult their privacy notices. 1. Our collection and use of your personal data 1.1 For the Website We may collect your personal data when you access our website, register with us, contact us or send us feedback. We collect this personal data from you either directly, such as when you register with us, or indirectly, such as your browsing activity while on our website or platform. The personal data we collect about you depends on the activities carried out through our website. This information includes: • your name, email, and phone number, username • details of any feedback you give us by phone, email, post or via social media • chat history if you contact us on Slack or social media • Client onboarding: during our automated client onboarding process, we may process your full name, email address and time of use. • Account management: full name, email address, financial data and place of work. • Product development: full name, email address, place of work, IP address, time and duration of use of the platform and user behaviour. • Sales: full name, email address, place of work, user behaviour. We use this personal data to: • Register your account • Communicate with you • Provide services for you • Process your payment transactions • Customize our platform and its contents according to your preferences • Notify you of any changes to our website products or to our services that may affect you • Help you fix any inconveniences, such as unpredicted bugs • Improve our services The Baselime platform does not store any bank or card payment details. 2. Our legal basis for processing your personal data When we use your personal data, we are required to have a legal basis for doing so. There are various legal bases on which we may rely on, depending on what personal data we process and why. The legal bases we may rely on include: • Consent: where you have given us clear consent for us to process your personal data for a specific purpose • Contract: where our use of your personal data is necessary for a contract we have with you (read our Terms and Conditions here), or because you have asked us to take specific steps before entering a contract • Legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations) • Legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal data which overrides our legitimate interests) 3. Who we share your personal data with We share your personal data with third parties outside Baselime under the very limited circumstances and specific purposes below: • Vendors: We may share personal data with third-party vendors, such as cloud providers (e.g.: AWS and Google Drive), communication tools (e.g.: Slack), and management tools (e.g.: HubSpot and Google Workspace). • National Security Authorities or Law Enforcement: Baselime may share personal data to comply with laws and protect our rights and the rights of others.

Data archiving and removal policy

Baselime disposes of data when: a) the retention period as set out in the Retention Schedule is expired, b) an individual has made a request to erase their personal data and where Baselime has assessed c) the request and confirmed the data should be destroyed, d) the DPO requests the erasure of data where retention is no longer necessary for the purpose of the processing prior to the expiry of the relevant retention period. Where data is erased at the request of an individual, we may retain a limited amount of data as is reasonably necessary to keep a record of the erasure for the purposes of demonstrating compliance, and enforcing erasure across all business systems, provided appropriate technical and organisational measures have been applied to the retained data in order to protect the risks to rights and freedoms of the data subject. What Are The Forms Of Data Sanitisation? Data can be sanitised in these forms: 1. Erase 2. Clear 3. Purge 4. Destroy You will know which action to take considering your type of data in the chart shown in data storage policy. Media such as CLOUD, EMAIL, SOFTWARE, AND APPS (such as Slack, Google Workspace, HubSpot) will be sanitised by erasure: - Manually deletion of all files that no longer serve any purpose to Baselime, deleting it also from the trash folder. - Where possible, automated deletion of data may be implemented after consultation with system admin and IT department. - Data which is being fully anonymised for research and insight does not fall under the scope.

Data storage policy

At Baselime, safeguarding the personal data of our customers and users is of utmost importance. To ensure maximum protection, we employ robust technical, organisational, and administrative measures to safeguard the data stored through the Baselime website and platform against unauthorised access, loss, misuse, modification, or destruction. Examples of organisational measures we take, include: • Policies that outline how personal data will be collected, processed, and protected, such as this one, • Conduct data protection impact assessments (DPIAs) to identify and mitigate privacy risks associated with data processing activities, and • Limit access to personal data to employees who need it to perform their duties. Examples of technical measures we take, include: • Automated scrubbing and deletion of data from the datasets that we handle for you through our services, • Encrypting personal data in transit and at rest to prevent unauthorised access and to ensure the confidentiality and integrity of the data, • Implementing access controls, such as passwords, to limit access to personal data, • Regularly backing up data to prevent data loss or corruption, • Implementing firewalls, intrusion detection systems, and other security measures to prevent unauthorised access to the organisation's systems and networks, and • Regularly updating software and security patches to ensure that systems are protected against known vulnerabilities. How long should data be retained or stored for?: - Administrative Subject Access Requests (SAR): triggered by date of last action related to the SAR; max retention of 2 years Baselime user financial transaction details: triggered by upon voluntary termination of the service, or if account remains dormant for a continuous period of two years; max retention of 7 years -Information Technology Product development data (full name, email, online behaviour, duration of use, time of use, IP address): triggered by when client connects AWS with Baselime via API; max retention of Until 30 days after termination of contract or subscription. And afterwards the data will be kept but anonymised. User Behaviour data: triggered by when client deletes Baselime account; max retention of unlimited Datasets: triggered by when client connects AWS with Baselime via API; max retention of Until 30 days after termination of contract or subscription. And afterwards the data will be kept but anonymised. - Product Client onboarding data & User behaviour (full name, email, online behaviour, duration of use, time of use, IP address, occupation, place of work): triggered by when client subscribes to Baselime; max retention of Until termination of contract or subscription Customer support on app, Slack or social media: triggered by upon termination of conversation with a prospect customer, customer or user, and upon termination of the issue that caused the conversation with the client; max retention of For as long as the conversation; max retention of For as long as the conversation lasts or in anonymised form to improve product and services Under certain circumstances we may keep personal data for longer than defined above. Such as: a) the data is required for the exercise or defence of legal claims, and appropriate technical and organisational measures have been applied to the continued retention of the data to protect the risks to rights and freedoms of data subjects, or b) the data is required by Baselime for statistical purposes and appropriate safeguards (pursuant to Article 89(1) of the UK GDPR) have been applied to the processing for these purposes, to protect the risks to rights and freedoms of data subjects, or c) the data has been fully and effectively anonymised and data subjects cannot be identified from the anonymised data.

Data center location(s)

Ireland

Data hosting company

AWS

App/service has sub-processors

yes

Guidelines for sub-processors

https://baselime.io/gdpr

Certifications & compliance

GDPR commitment

https://baselime.io/gdpr

Data deletion request procedure

We take the following steps to respond to Data Subject Rights Request: Acknowledge receipt of the request: Once Baselime receives a Data Subject Rights Request, we acknowledge receipt of the request as soon as possible, and provide information about the expected response time. Verify the identity of the Data Subject: We verify the identity of the Data Subject making the request. Identify the personal data requested: Baselime must identify the personal data that has been requested by the Data Subject and locate it within our systems. If the request is a DSAR: Collate copies of all personal data we hold about the Data Subject. Use the Baselime data map as a reference to quickly identify where we store and process personal data of the Data Subject. Ensure all copies that contain personal data of the Data Subject, do not contain personal data from other Data Subjects. Give an explanation on - why the personal data is being processed, - whether there are any third-party recipients of the personal data, - how long the data is stored and - whether personal data is subject to automated decision-making processes, including profiling. The above can be a reference to our Privacy Notice. Provide the response in a clear and easily understandable format. If the request is any other rights request: If the Data Subject requests their personal data to be corrected, deleted, or restricted, we - take appropriate action in response to the request, - inform any third parties who have received personal data of the Data Subject, and - respond to the Data Subject when the request has been successfully processed. NOTE: In the event of a data deletion request, we may keep personal data that we’re legally obliged to store for legal obligations. Refer to Baselimes’ Data Retention and Destruction Policy for more information. Document the response: We document our response to the Data Subject Rights Request, including any actions taken in response to the request. This documentation can be used to demonstrate our compliance with the GDPR, in case of an audit or investigation by a data protection authority. Supporting Data Subject Rights Requests as Data Processor We are legally obliged to support Data Controllers in the processing of Data Subject Rights Requests. When we receive a Data Subject Rights Request where we are the Data Processor, we follow these steps: The request is made by the Data Controller who has received a Data Subject Rights Request, we support the Data Controller in processing the request in a timely manner, follow the steps from d) onwards in chapter 6.3 The request is made by the Data Subject, we - inform the Data Controller that we have received such request, - inform the Data Subject that we are the Data Processor of their data, - provide support to the Data Subject in how to make a request with the Data Controller and - once the request has been confirmed with the Data Controller, proceed to processing the request following steps from d) onwards above Timeline for responding to a Data Subject Rights Request: Baselime has the legal obligation to respond to Data Subject Rights Requests within a certain timeframe. Data Subject Rights Requests need to be answered within the following time frames: -European and UK citizens, according to the law: 30 days upon request, -Californian citizens, according to the law: 45 days upon request, -Any other user/citizen: within 30 days upon request. Under certain circumstances we can request the deadline to be extended by a further two months. Whether an extension is possible will be assessed on a case-by-case basis by the COO.

HIPAA compliant

While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack App Directory, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.

Security