Vidyo GDPR Readiness
On May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR), which articulates the data privacy rights of EU residents, went into effect. It was designed to protect and empower all EU citizens in regard to the privacy and security of their data and to reshape the way organizations across the region approach data privacy. These rules impact the way businesses inside and outside the EU collect, process, and protect personal data. The GDPR law applies to any company that controls and/or processes personal data from EU citizens.
Keeping your personal data safe and increasing transparency in how we handle your data are important to Vidyo.
GDPR Overview
Replacing the existing EU privacy directive 95/46/EC (the “Data Protection Directive”), which has been in place for close to 20 years, the GDPR strengthens and expands the privacy rights of individuals in an era in which much of life takes place online. The GDPR is extensive, affecting not just businesses based in the EU but also any company that controls and/or processes the personal data of EU residents or subjects.
The data protection principles set forth in the GDPR include requirements such as:
- Personal data collected must be processed in a fair, legal, and transparent way and should only be used in a way that a person would reasonably expect.
- Personal data should only be collected to fulfill a specific purpose and it should only be used for that purpose. Organizations must specify why they need the personal data when they collect it.
- Personal data should be held no longer than necessary to fulfill its purpose.
- People covered by GDPR have the right to access their own personal data. They can also request a copy of their data, and ask that their data be updated, deleted, restricted, or moved to another organization.
How Vidyo Complies With GDPR
Vidyo worked diligently to comply with the GDPR. Here are a few highlights of what we’ve done:
- We updated our Privacy Policy to reflect changes we are making to strengthen your ability to control how we store and use your data. Our ongoing commitment is to be transparent about how we use your data and keep it safe. For example, our website highlights the use of cookies and explains how we use this data. We will continue to update the policy to address new standards introduced by the GDPR and will notify you when the policy is updated.
- We have established a VidyoCloud environment dedicated to the European Union (EU) in which all the operating servers and personal data reside in the EU exclusively and can be utilized based on customer requirements.
- We appointed a Data Protection Officer (DPO) to monitor and advise on changes in policies, procedures and compliance.
Vidyo strongly believes in the rights and protections that GDPR requirements provide and that our customers will benefit from the added privacy protections this new law affords.
We also believe that this process does not end with GDPR regulations. We are committed to continually improving the privacy and protection of the personal data we collect and ensure that only necessary data is collected.
At Vidyo, trust is our main operating principle. Trust is fundamental to enabling the success of our customers and the protection of our customers’ data. We are here to help. If you have any questions or concerns regarding GDPR, please send a detailed message to legal.operations@enghouse.com
About the Data Processing Addendum (DPA)
The Data Processing Addendum is an agreement between “Customers” who subscribe to and purchase Vidyo products and “Vidyo” in complying with the Processing of Personal Data and the overarching guidelines of the GDPR. Within the addendum, customers are referred to as “data exporters” and Vidyo is referred to as the “Processor” or “data importer”.
Executing the DPA
European Union (EU) Customers of Vidyo services, products and subscriptions who require a Data Processing Agreement under GDPR can download and read a pdf version of the Data Processing Addendum below which is pre-signed by Vidyo. Once signed, both parties agree to the DPA conditions as a legally binding contract. The DPA includes the following sections and subsections:
- Appendix A – This section of the DPA includes the data processing terms (e.g., definitions, processing, data subject rights, information security, transfers outside the EU, data protection impact assessment, deletion or return of personal data, etc.)
- Annex 1 – This part of the DPA contains subject matter and details of personal data processing.
- Annex 2 – This section of the DPA contains the EU Standard Contractual Clauses governing the export of the Customer's data out of the EU.
- Appendix 1 to the Standard Contractual Clauses – This part of the DPA must be completed and signed by both parties; the recipient of the video conferencing products and services as the “data exporter” and Vidyo, as the “data importer”. It describes the categories of personal data transferred and how it is processed.
- Appendix 2 to the Standard Contractual Clauses – This final section describes the technical and organizational security measures implemented by Vidyo, the “data importer”.
Contact Information
You can email or mail the DPA to Vidyo, Attn: Data Protection Officer or, if you would like further information, or need additional assistance, please contact Vidyo at:
- Phone: 1-201-478-6200
- Email: legal.operations@enghouse.com
- Mail Attn: Legal Operations (Enghouse): 216 State Route 17N., Rochelle Park, New Jersey 07662