VideoEngager is GDPR Compliant. If you would like a copy of our policies, sub-processors, procedures, or data notice, please reach out to firstname.lastname@example.org
VideoEngager strives for customer privacy and security and is in compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”), which replaced the EU Data Protection Directive (also known as “Directive 95/46/EC”) and became enforceable on May 25, 2018.
If a company collects, transmits, hosts or analyzes personal data of EU citizens, GDPR requires the company to use third-party data processors who guarantee their ability to implement the technical and organizational requirements of the GDPR. To further earn our customers’ trust, our DPA has been updated to provide our customers with contractual commitments regarding our compliance with applicable EU data protection law and to implement additional contractual provisions required by the GDPR. Our contractual commitments guarantee that customers can:
- Respond to requests from data subjects to correct, amend or delete personal data.
- Be made aware of and report personal data breaches to relevant supervisory authorities and data subjects in accordance with GDPR timeframes.
- Demonstrate their compliance with the GDPR as pertaining to VideoEngager’s services.
What is the GDPR?
The General Data Protection Regulation (“GDPR”) is the European privacy regulation which replaced the EU Data Protection Directive (“Directive 95/46/EC”). The GDPR addresses the processing of personal data and the free movement of such data. It aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. Broadly, it sets out a number of data protection principles and requirements which must be adhered to when personal data is processed.
The GDPR also established the European Data Protection Board (“EDPB”), which ensures that the data protection law is applied consistently across the EU and works to ensure effective cooperation amongst data protection authorities.
How does the GDPR apply to customers?
VideoEngager customers that collect and store personal data are considered data controllers under the GDPR. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant EU data protection law, including the GDPR, and uniquely determine what personal data is submitted to, and processed by, VideoEngager in accordance with the Services.
What implications does GDPR have for organizations processing the personal data of EU citizens?
One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.
In its capacity as data processor, how does VideoEngager handle requests made by End-Users?
If VideoEngager receives a data subject request from a Customer’s End-User (i.e., a user of the Services to whom a Customer has provided our Services), VideoEngager is the Processor, and VideoEngager will, to the extent that applicable legislation does not prohibit VideoEngager from doing so, promptly inform the End-User to contact our Customer (i.e. the Controller) directly about any request relating to his/her Personal Data such as access or deletion. VideoEngager will not further respond to a data subject request without Customer’s prior consent.
What are some suggestions for VideoEngager customers with regard to GDPR?
VideoEngager encourages customers to continually review their privacy and data security processes and policies to ensure compliance with the GDPR. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with EU data protection law. Below are some key points to consider for GDPR compliance:
- Geographical Application: The GDPR may apply to organizations that are established in the EU as well as certain organizations established outside the EU but which are processing the personal data of EU citizens, depending on their activities.
- Rights of End-Users: Organizations should be cognizant of End-Users whose personal data they may be processing. The GDPR establishes enhanced rights for End-Users, and organizations should be able to accommodate those rights.
- Data Breach Notifications: Organizations that are controllers of personal data should have clear processes in place in order to comply with the GDPR requirement to report data breaches in accordance with the time frames set out within the GDPR. VideoEngager will notify affected customers without undue delay if we become aware of a data breach of our services.
- Appointment of Data Protection Officer (“DPO”): Customers may need to appoint DPOs to manage issues relating to the processing of personal data.
- Data Processing Agreement (“DPA”): Where personal data is transferred outside the EEA, a customer may need DPAs in place with its sub-processors to ensure an adequate level of protection for the transferred data.
Does VideoEngager currently provide any product specific features or functionality in its products to assist us with our GDPR compliance program?
Yes, more detailed information on how to use VideoEngager products to stay compliant with GDPR can be found via our Help Center or by contacting your sales representative.
What are the “Model Clauses”?
The European Commission has approved a set of standard provisions called the Standard Contractual Clauses (“Model Clauses”) which provide a data controller a compliant mechanism to transfer personal data to a data processor outside the European Economic Area (“EEA”). The Model Clauses are appended to the VideoEngager DPA to help provide adequate protection for data transfer outside of the EEA or Switzerland.
Does VideoEngager replicate the Service Data it stores?
VideoEngager periodically replicates data for purposes of archival, backup and audit logs. We use Amazon Web Services (AWS) to store some of the information that is backed up, such as database information. Data are encrypted before external storage.
What steps has VideoEngager taken to prepare for Brexit (the UK’s departure from the European Union)?
Irrespective of the outcome of the ongoing Brexit negotiations, VideoEngager remains committed to the success of our Customers and employees in the UK and the rest of Europe. We are closely monitoring the negotiations between the UK government and the European Union regarding the details of their future relationship. As the details become clear, we will take appropriate measures to ensure that our Customers can continue to use our services in compliance with both EU and UK laws. For VideoEngager overall, business will continue as usual, and we will remain focused on our Customers’ success.