Have some questions about GDPR and Remarkable Speaking? Read below to find out everything you need to know.
1. What is the GDPR?
Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”), is European privacy legislation that takes effect May 25, 2018. It will replace the existing EU member state laws that implement the EU Data Protection Directive, which has been in existence since 1995.
2. Is the GDPR applicable to Remarkable Speaking?
Remarkable Speaking is covered by the GDPR in situations where Remarkable Speaking processes personal data of Remarkable Speaking customers, including but not limited to customer end users, if those individuals are located in the EU.
3. Is Remarkable Speaking a Data Controller or a Data Processor?
Remarkable Speaking may operate as either a Data Controller or Data Processor depending on the circumstances.
With respect to the personal data of its customers, Remarkable Speaking generally is a Data Processor and Remarkable Speaking’ customer is the Data Controller. The Remarkable Speaking customer, the Data Controller, determines the purposes and means of the processing of personal data. Specifically, Remarkable Speaking customer decides what personal data to share with Remarkable Speaking in order for Remarkable Speaking to provide the customer with robust risk score information, certain licensed data, the ability to flag potentially fraudulent activity, and other services as purchased by the customer. In these situations, Remarkable Speaking, as the Data Processor, processes personal data on behalf of the Remarkable Speaking customer Data Controller at that company’s direction.
Remarkable Speaking also operates as a Data Controller with respect to certain of its services and/or databases. When Remarkable Speaking combines personal data from different customers, like many kinds of analytics services, it may do this both as a Data Processor at its customers’ instruction and as a Data Controller itself for the purpose of providing services to all of its customers. For example, Remarkable Speaking may process and aggregate some of the personal data that a customer shares with Remarkable Speaking in order to make that personal data part of another database for one or more other services provided to Remarkable Speaking customers. The personal data shared may be combined with personal data elements chosen and provided by other customers.
4. How does Remarkable Speaking handle data subject requests to exercise their rights under the GDPR?
Where Remarkable Speaking operates as a Data Processor, Remarkable Speaking will notify its customer if Remarkable Speaking receives a request from a data subject to exercise the data subject’s right of access, right to rectification, restriction of processing, erasure (“right to be forgotten”), data portability, objection to processing, or right not to be subject to automated individual decision making (“Data Subject Request”). Remarkable Speaking will also assist its customer in responding to a Data Subject Request, where legally required and permissible. Remarkable Speaking’ customer is responsible for any costs arising from Remarkable Speaking’ assistance with Data Subject Requests.
5. Where can I find more information about Remarkable Speaking’ privacy practices?
6. How may I execute a Data Processing Addendum with Remarkable Speaking?
Customers who have agreed to our online End User License Agreement (EULA) do not need to execute a separate Data Processing Addendum. The online EULA contains GDPR provisions.
Customers who have offline contracts (i.e., non-EULA) may execute a Data Processing Addendum with Remarkable Speaking. Click here for a copy of our DPA.