Since our inception, SightCall’s approach has been anchored with a strong commitment to privacy, security, compliance and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation (“GDPR”), which replaced the EU Data Protection Directive (also known as “Directive 95/46/EC“) and became enforceable on May 25, 2018.
If a company collects, transmits, hosts or analyzes personal data of EU citizens, GDPR requires the company to use third-party data processors who guarantee their ability to implement the technical and organizational requirements of the GDPR. To further earn our customers’ trust, our DPA has been updated to provide our customers with contractual commitments regarding our compliance with applicable EU data protection law and to implement additional contractual provisions required by the GDPR. Our contractual commitments guarantee that customers can:
The General Data Protection Regulation (“GDPR”) is the European privacy regulation which replaced the EU Data Protection Directive (“Directive 95/46/EC”). The GDPR addresses the processing of personal data and the free movement of such data. It aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. Broadly, it sets out a number of data protection principles and requirements which must be adhered to when personal data is processed.
The GDPR also established the European Data Protection Board (“EPDB”), which ensures that the data protection law is applied consistently across the EU and works to ensure effective cooperation amongst data protection authorities.
SightCall customers that collect and store personal data are considered data controllers under the GDPR. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant EU data protection law, including the GDPR and uniquely determine what personal data is submitted to, and processed by, SightCall in accordance with the Services.
One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.
If SightCall receives a data subject request from a Customer’s End-User (i.e., a user of the Services to whom a Customer has provided our Services), SightCall is the Processor, and SightCall will, to the extent that applicable legislation does not prohibit SightCall from doing so, promptly inform the End-User to contact our Customer (i.e. the Controller) directly about any request relating to his/her Personal Data such as access or deletion. SightCall will not further respond to a data subject request without Customer’s prior consent.
SightCall encourages customers to continually review their privacy and data security processes and policies to ensure compliance with the GDPR. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with EU data protection law. Below are some key points to consider for GDPR compliance:
Customers can use SightCall’s third-party SOC 2 audit reports to help conduct their risk assessments and determine whether appropriate technical and organizational measures are in place.
Below are examples of specific SightCall product features that customers can utilize to assist with the GDPR compliance program.
Auditing Standards:
Scanning:
Encryption:
Yes, more detailed information on how to use SightCall products to stay compliant with GDPR can be found via our Help Center or contacting your sales representative.
The European Commission has approved a set of standard provisions called the Standard Contractual Clauses (“Model Clauses”) which provide a data controller a compliant mechanism to transfer personal data to a data processor outside the European Economic Area (“EEA”). The Model Clauses are appended to the SightCall DPA to help provide adequate protection for data transfer outside of the EEA or Switzerland.
SightCall periodically replicates data for purposes of archival, backup and audit logs. We use Amazon Web Services (AWS) to store some of the information that is backed up, such as database information. Data are encrypted before external storage.
Irrespective of the outcome of the ongoing Brexit negotiations, SightCall remains committed to the success of our Customers and employees in the UK and the rest of Europe. We are closely monitoring the negotiations between the UK government and the European Union regarding the details of their future relationship. As the details become clear, we will take appropriate measures to ensure that our Customers can continue to use our services in compliance with both EU and UK laws, and for SightCall overall, business will continue as usual and will remain focused on our Customers’ success.