The GDPR (General Data Protection Regulation) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation became effective and enforceable on 25 May 2018.
At SessionLab, we were fully committed to achieving compliance with the GDPR prior to the effective date of the regulation, and we are committed to staying GDPR compliant.
This article provides an overview of our GDPR commitment and explains our efforts to live up to the values and requirements of the GDPR.
Below you can find a list of the main activities we worked on to achieve compliance before May 2018:
- Internal data handling audit – DONE
- Review and improve internal policies related to handling user data – DONE
- Move data centers to European territory – DONE
- Implement a unified email preferences center for all communication we send to customers – DONE
- Review our readiness to comply with your potential data access requests – DONE
- Review all our vendors to ensure we work with GDPR-compliant parties and obtain Data Protection Agreements – DONE
- Implement functionality to record consent provided by users – DONE
- Finalize and communicate our full compliance – DONE
There are primarily two types of data we collect and process:
- Your own profile information (such as name, email address, profile picture, IP address, browser and device information)
- The content you create in the application (such as the sessions, library blocks you create and the files you upload)
SessionLab acts as the data controller for the personal data we collect about you, the user of our website and web application. We collect and process your data with the following legal bases:
- First and foremost, we process data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)).
- Secondly, we process data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.
- Thirdly, we process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).
What are these legitimate interests we talk about?
- Improving the app to help you reach new levels of productivity.
- Making sure that your data and SessionLab’s systems are safe and secure.
- Responsible marketing of our product and its features.
Whenever the three legal bases listed above do not justify us collecting and processing your personal data, we ask for your consent as appropriate. For example, we may send you additional content digest emails or newsletters with your consent. If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time.
By design, SessionLab is not intended to host personal data in the sessions you create, as there is no designated feature that serves as an input area for information that may be considered personal data.
If you still decide to upload or input data in your sessions that qualifies as personal data, you are responsible for providing notice to your customers and third persons concerning the purpose for which you collect their personal data and how this personal data is processed in or through our service as part of your content.