Security & GDPR
At BTSoft, we understand that business data is critical. Customers, leads, quotations, orders, products, inventory, financial data, emails, and business notes must be protected with seriousness and care.
For this reason, we design and operate the platform with a focus on security, personal data protection, and alignment with the requirements of the General Data Protection Regulation (GDPR).
1. Data protection by design
BTSoft is designed so that each business manages its own data within a separate usage environment.
The data entered by a business into the platform, such as customers, leads, contacts, products, documents, emails, files, and financial information, remains the property and responsibility of that business.
BTSoft does not sell personal or business data and does not use customer data for unrelated commercial purposes.
2. Roles under the GDPR
For data relating to registration, subscription, communication, support, invoicing, and use of the service, BTSoft acts as the Data Controller.
For data entered by the customer into the platform, such as customer data, leads, contacts, orders, emails, or files, BTSoft acts as a Data Processor on behalf of the customer’s business.
This means that the business using the platform remains responsible for the lawful collection and entry of its data, while BTSoft processes such data only for the provision of the service, technical support, security, and the lawful operation of the platform.
3. Limited access to customer data
BTSoft accesses customer data only when necessary for a specific and lawful purpose, such as technical support, troubleshooting, service security, compliance with a legal obligation, or at the customer’s request or instruction.
Access is limited to authorized persons and only to the extent required for the relevant purpose.
BTSoft does not monitor, exploit, or process customers’ business data for purposes unrelated to the provision of the service.
4. Access control and user permissions
Access to the platform is carried out through personal user accounts.
BTSoft supports roles, permissions, and access restrictions, so that each user can view and manage only the information that corresponds to their role within the business.
This helps reduce the risk of unauthorized access and strengthens the business’s internal control.
5. Technical and organizational security measures
We take appropriate technical and organizational measures to protect data against unauthorized access, loss, alteration, destruction, or misuse.
These measures may include, depending on the case:
Secure access through a user account and password.
Roles and access permissions per user or business.
Secure data transmission through HTTPS.
Encryption where applicable.
Technical logs and audit trails.
Restricted access to authorized persons only.
Backups and recovery procedures.
Measures against misuse, malicious actions, and unauthorized access.
Although we take security seriously, no electronic service can guarantee absolute protection against every possible technical or external risk.
6. Data separation per business
BTSoft operates as a cloud platform for businesses. The data of each business is organized in a way that restricts access only to the authorized users of the relevant account or organization.
Users of one business do not have access to the data of another business.
7. AI features with human control
BTSoft may include AI features, such as data summaries, suggested actions, draft emails, draft quotations, lead scoring, customer health, stock alerts, email auto-triage, and business insights.
AI features use the business’s data only to provide the relevant functionality within the platform and in accordance with the user’s access permissions.
BTSoft does not use its customers’ business data to train public AI models.
When AI features generate suggestions, summaries, or draft actions, the user remains responsible for reviewing, evaluating, and giving final approval before any significant action is taken.
8. Providers and partners
For the operation of the service, BTSoft may work with selected providers, such as hosting, payment, email, analytics, monitoring, backup, or AI service providers.
These partners are used only to the extent necessary for the provision and operation of the service.
Where required, these partners are contractually required to process data in accordance with personal data protection requirements, the agreed processing purposes, and applicable legislation.
9. International data transfers
Where possible, we choose providers that process data within the European Union or the European Economic Area.
If data is transferred outside the EU/EEA, appropriate safeguards are applied in accordance with the GDPR, such as contractual commitments, Standard Contractual Clauses, or other lawful transfer mechanisms.
10. Backups and recovery
BTSoft may perform technical backups for the protection, continuity, and recovery of the service.
Backups help reduce the risk of data loss, but they do not replace each business’s obligation to maintain its own copies of important files, financial data, exports, or documents where this is required for its operation.
11. Security incident management
In the event of a security incident that may affect personal data, BTSoft follows a process for assessing, containing, and addressing the incident.
Where required by applicable legislation, the competent authorities and/or affected individuals are notified without undue delay.
BTSoft takes measures to reduce the risk of similar incidents recurring and to improve its security procedures.
12. GDPR rights
Under the GDPR, individuals have rights regarding their personal data, such as the right to be informed, the right of access, rectification, erasure, restriction of processing, objection, data portability, and withdrawal of consent where processing is based on consent.
For data relating directly to your relationship with BTSoft, you may contact us at info@btsoft.gr.
For data entered into the platform by a customer business, the relevant request should usually be addressed first to the business that controls that data.
13. Managing GDPR requests
For requests relating to personal data for which BTSoft acts as Data Controller, we make efforts to respond within the time limits provided by the GDPR.
Identity verification may be requested before processing a request, in order to ensure that data is provided or modified only by an authorized person.
Where a request concerns data entered into the platform by a customer business, BTSoft may refer the request to the relevant business or cooperate with it, where required, for the proper handling of the request.
14. Data Processing Agreement
For business customers using the BTSoft platform to process personal data of third parties, a separate Data Processing Agreement may be provided upon request.
This agreement describes in more detail BTSoft’s obligations as Data Processor, the protection measures, sub-processors, request handling, and the key obligations of the parties under the GDPR.
15. Continuous security improvement
Security and personal data protection are not static processes. BTSoft continuously develops the platform, procedures, and technical protection measures in order to meet business needs and legal requirements.
For more information about the processing of personal data, please read the BTSoft Privacy Policy, Cookie Policy, and Terms of Use.
