SightCall is committed to protecting personal data and enabling our customers to meet their data protection obligations under the European Union’s General Data Protection Regulation (GDPR). The GDPR governs how organizations collect, process, store, and transfer personal data of individuals in the EU and European Economic Area (EEA). It also applies when services are offered to, or data is collected from, EU citizens, even if the organization operates outside the EU.
What Is the GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive EU privacy law designed to strengthen the protection of personal data and harmonize data protection practices across EU member states. It requires organizations that handle personal data to implement appropriate technical and organizational measures to ensure data privacy and security.
How GDPR Applies to SightCall and Our Customers
When organizations use SightCall’s remote visual support platform to process personal data of EU citizens — such as names, contact information, session details, device identifiers, and other identifiers — GDPR obligations apply. SightCall acts as a data processor, while our customers determine how data is collected and used, and therefore generally act as data controllers under GDPR.
As a processor, SightCall:
-
Acts on behalf of our customers in processing personal data.
-
Implements security measures to safeguard personal data, including encryption and access controls.
-
Supports customers in responding to data subject requests in line with applicable GDPR rules.
If SightCall receives a direct request from an end-user about their personal data, we will, where permitted, inform the customer to address the request in their capacity as controller.
Our Commitments Under GDPR
To help customers meet their GDPR obligations and to demonstrate accountability, SightCall has updated its Data Processing Agreement (DPA) and contractual commitments, which include:
-
Responding to Data Subject Rights: Supporting customers’ ability to address requests to correct, amend, or delete personal data.
-
Breach Notification Support: Notifying customers without undue delay if we become aware of a data breach affecting personal data processed by our services.
-
Compliance Demonstration: Providing contractual commitments and documentation that help customers demonstrate GDPR compliance related to services provided.
These commitments are designed to support customers as they implement their own compliance programs and demonstrate accountability under GDPR.
Technical and Organizational Measures
SightCall implements a range of security measures that support GDPR compliance and protect personal data processed through our platform. These include:
-
Encryption in transit and at rest to protect personal data from unauthorized access.
-
Regular security assessments and penetration testing to identify and address vulnerabilities.
-
Audit logging and monitoring to support oversight and accountability.
-
Use of third-party audited controls, such as SOC 2 Type II reports, to demonstrate consistent security practices.
Customers can use documentation such as our audit reports and security summaries to help conduct their own risk assessments and integrate SightCall into their broader GDPR compliance framework.
Data Transfers and Standard Contractual Clauses
When personal data is transferred outside the EEA or Switzerland, GDPR requires that appropriate safeguards are in place. SightCall’s DPA includes Standard Contractual Clauses (Model Clauses) approved by the European Commission as one such mechanism to provide adequate protection for international data transfers.
Replication, Backup, and Data Retention
To ensure service continuity and support customer requirements, some service data is periodically replicated for backup, archival, and audit purposes. Backups are stored securely, and all data is encrypted prior to external storage.
Guidance for Customers
While SightCall implements GDPR-aligned controls and contractual safeguards, customers remain responsible as data controllers for:
-
Identifying personal data they process through the platform.
-
Implementing appropriate retention policies and data minimization practices.
-
Handling data subject requests and fulfilling rights such as access, portability, correction, and deletion.
-
Appointing a Data Protection Officer (DPO) where required.
SightCall encourages customers to regularly review their privacy and security policies to ensure they align with GDPR obligations and evolving best practices.
Supporting Your GDPR Compliance Program
In addition to contractual safeguards, SightCall offers resources to help customers integrate the platform into their GDPR compliance efforts, including:
-
Access to security and compliance documentation
-
Assistance via the Help Center for GDPR-related feature usage
-
Support from sales and customer success teams for specific compliance questions
For more details on how SightCall products can support GDPR compliance in practice, visit our Help Center or contact your account representative.
FAQs About SightCall + GDPR
Does GDPR apply to companies outside the EU?
Yes. GDPR applies when personal data of EU citizens is collected or processed, regardless of where the organization is located.
What is the role of a data controller versus a data processor?
A data controller determines the purpose and means of processing personal data, while a data processor handles data on behalf of the controller. SightCall generally acts as a processor.
Can SightCall help with GDPR audit readiness?
Yes. Customers can use audit documentation such as SOC 2 Type II reports and security summaries as part of their GDPR readiness and risk assessment processes.
How does SightCall handle personal data breach notifications?
SightCall will notify affected customers without undue delay when we become aware of a personal data breach related to services we provide.