Your privacy is important.
This page was last edited on 25 May 2018.
As you probably already know, the new European privacy regulation known as GDPR came into effect on 25 May 2018. This significantly improves the privacy rights of you as an individual and helps protect your personal data. This page has been created to give you a clear, concise and no-fuss summary of the GDPR, the changes we’ve made to our agreements and how we handle your personal data.
DATA PROCESSING AGREEMENT
You can read our Data Processing Agreement (DPA) here: Meetio DPA. This DPA is a binding amendment to our End User License Agreement. If you need a signed copy please send an email to firstname.lastname@example.org with the subject line “Signed DPA” and include your company name (full legal entity name) and address in the body.
All changes mentioned above are effective as of 25 May 2018.
Disclaimer: We have done our homework, but we’re neither experts on GDPR nor lawyers. This is our attempt at giving you a quick introduction to GDPR and data privacy; it is not legal advice.
A short introduction to GDPR
The General Data Protection Regulation is a new EU regulation that both strengthens the data privacy rights of individual citizens and increases the obligations of companies handling personal data. It is a binding regulation for all EU member states and applies to any organization that controls or processes personal data of EU citizens, even if the organization is based outside of the EU.
There are a few key terms that you should be familiar with when talking about GDPR:
Personal data means any data that can be tied to an identifiable natural person, either directly or indirectly (for example by piecing together data that together can identify a person). Common examples could be an email address, phone number or location, although anything tied to an identifiable person counts as personal data.
Data subject means an identified or identifiable natural person.
Processing means any operation performed on personal data, manual or automated. This includes collecting, storing, transmitting, manipulating, retrieving, deleting and pretty much any other operation you can think of.
Controller means the natural or legal person that determines the purposes and means of the processing of personal data. You could think of the controller as the “owner” of the data.
Processor means a natural or legal person that processes personal data on behalf of a controller.
These are simplified explanations; the actual and full definitions can be found in article 4 of the GDPR.
When it comes to your relationship with Meetio, you as an individual are in most cases a data subject, your company or employer is the controller and Meetio the processor of your personal data.
Your rights as a data subject
For a complete description of your rights as a data subject we must once again refer you to the actual legislation. In this section we have cherry-picked what we consider the most important rights that you should be familiar with.
THE RIGHT TO INFORMATION AND ACCESS TO PERSONAL DATA
As a data subject you have the right to know who is processing your personal data, what personal data is processed, the purpose of processing as well as the legal basis for processing. The legal basis is in most cases based on either consent, where you explicitly give the controller the right to process your personal data, or the fact that the processing is necessary for the performance of a contract to which you are a party. If the processing is based on consent then you have the right to withdraw your consent at any time.
You also have the right to know for how long your personal data will be processed and if it is transferred to any third parties or sub-processors.
If you object in any way to the processing of your personal data then you can always lodge a complaint with a supervisory authority, often a public authority in your country responsible for monitoring the application of the GDPR.
THE RIGHT TO BE FORGOTTEN
A data subject has the right to have their personal data erased if processing is no longer necessary, consent is withdrawn or the processing is unlawful. Any inaccurate personal data must be corrected on request. The data subject also has the right to have all personal data exported to another controller without hindrance.
Our obligations as controller/processor
Just as the rights of the data subjects have been increased compared to previous legislation, so have the obligations of the controller. Meetio has implemented both technical features and organisational measures to ensure full compliance and further strengthen the protection of our users’ personal data.
We have among other things:
- implemented protocols for data retrieval, deletion, transfer and incident handling,
- performed a complete inventory of our systems to ensure only relevant personal data are processed,
- audited our sub-processors like Amazon Web Services and Google Cloud to guarantee that they provide a high level of security and data privacy,
- produced a publicly available Data Processing Agreement as an amendment to our EULA, complete with a list of all sub-processors and third-country transfers
Personal data processed by Meetio
Meetio provides products and services for meetings and meeting-related tasks. All personal data processed by Meetio is lawful and based on either the performance of contract, a customer order or explicit consent by the end user.
DURATION OF PROCESSING
We will process personal data for as long as there is an existing and active customer relationship and up to two years after that relationship has ended (or a maximum of 90 days after an explicit cancelation of the relationship from the customer).
NATURE AND PURPOSE OF PROCESSING
In order to provide our services, we may store, access or in other ways process personal data on behalf of our customers. Anonymised data from which natural persons cannot be identified, derived from personal data, may be processed and used for providing anonymous meeting statistics and insights to third parties.
TYPES OF PERSONAL DATA
For the purpose of sales, marketing and support: Contact information (name, email, phone number, employer, job position, country of residence). When contacted directly through our website (contact form, chat tool) also location data, IP-address, website usage data, device operating system, browser version and any other personal data that the natural person contacting us provides in free text.
For the purpose of providing services to our customers as defined in an agreement between the parties: Contact information, system usage data, calendar and meeting data including name and email of meeting attendees, user initiated system actions (like check-in, end early and booking of meetings) and other personal data submitted, stored, sent or received by end users through the services.
CATEGORIES OF DATA SUBJECTS
Our customers’ employees and their contacts, including end users given access to the services by the customer. Data subjects may also be individual natural persons communicating or in other ways transferring personal data to the customer, its end users or Meetio.
AUTHORISED SUB-PROCESSORS AND TRANSFER OF PERSONAL DATA
Meetio uses a number of sub-processors to provide our services, a complete list including authorised transfers of personal data can be found in Annex 2 and Annex 3 of our Data Processing Agreement.
Keeping your data safe, secure and private is a key priority for us. We use a privacy- and security-by-design approach in everything we do, from the development of products and services to how we handle customer data internally.
Our security measures include:
- employing best practices and industry standards in product development,
- recurring security audits of both our own and third-party systems,
- restrictive access policies and two-factor authentication as default for authorized Meetio staff,
- always using encrypted and secure channels when transferring data over the internet,
- clearly defined and separated access policies to ensure that only authorized users can access personal data
These are just a few examples; we continuously evaluate and update our internal security and privacy protocols to ensure that we stay on top of things.
If you have any questions regarding our privacy and security work, don’t hesitate to contact us using the information below.
Eric Perssons väg 21
SE-217 62 Malmö, Sweden
+46 (0)10-101 95 60
700 SW Fifth Avenue
Portland, OR 97204, USA
+1 (971) 205-6170