EU General Data Protection Regulation (GDPR)
What is GDPR?
In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). GDPR is a significant change in data protection regulation in the EU and replaces the existing legal framework (the Data Protection Directive and the various member state laws). It came into effect on May 25, 2018.Why is GDPR important?
GDPR adds some new requirements regarding how companies should protect individuals' data that they process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breaches.What has WebinarNinja done to comply with GDPR?
We have implemented changes and our commitment to your privacy continues
Our compliance, data protection, and information security teams work hard to align our services with GDPR. In our role as the Data Processor of your customer and end user information, we have provided a Data Processing Agreement, meeting with the requirements of GDPR. You can find it here
We have worked hard to meet our obligations as a processor under Article 28 of GDPR. To this end:
- We continue to process your customer and end user data per your instructions.
- We have implemented appropriate technical and organizational measures to protect the data with which you entrust us.
- We have provided a list of our sub-processors and will give you the opportunity to object if we engage a new one. You can access this list on the sub-processors tab of this page.
- We have instituted a policy informing and obligating our employees to maintain the confidentiality of your information.
- We have instituted a procedure to assist you in complying with requests for access, amendment or deletion that you may get from your customers or end users. See the "How do you manage access to my information (DSR requests)?" on this page.
- We are able to inform you without delay in the event of a data breach (though we, and our sub-processors are working hard so that won't be needed).
- We will delete your customer/end user information at the end of our agreement with you, if you ask us.
- As guidance about specific aspects of GDPR continues to be published, we will also continue our efforts to fine-tune and improve our compliance.
- We have addressed cross border data transfers like the Data Protection Directive that preceded it, GDPR includes provisions on international data transfer mechanisms. In order to comply with these provisions, we have worked with legal counsel to create a standard Data Processing Addendum (DPA), which meets with GDPR requirements for agreements between Data Controllers (you) and Data Processors (us).
- Our DPA includes the Standard Contractual Clauses (SCC) for cross border transfers. It also outlines in detail our current security practices. To receive and sign a copy of our DPA, please visit the Data Processing tab on this page.Does GDPR require that my information be stored in the EU?
No. Under GDPR a company is allowed to transfer personal data outside of the EU provided that it puts in place a mechanism, approved under GDPR, to make sure that personal data is adequately protected even when it is transferred outside of the EU. We offer a Data Processing Addendum (DPA) with update Standard Contractual Clauses (SCC) to all customers.How do you manage access to my information (DSR requests)?
As of now, our intention is to service DSR requests (such as delete and export) manually. If you have an account with us, you may access, correct, or request that we delete your personal data by contacting us at email@example.com.
This request can include personal data of other individuals, like your employees or customers that you have provided to us and who have requested this of you. We will respond to these requests within 14 days or less, which is well within the GDPR requirement of 30 days.We got your back
We are happy to answer any questions and address any concerns regarding how we protect your personal data in general, as well as specifically under GDPR. If you have any questions, please don't hesitate to contact us at firstname.lastname@example.org.