GDPR compliance
Data protection and security of the Clevercast platform
The GDPR (General Data Protection Regulation) is intended to improve the protection and transparency of personal data for all individuals within the European Union. We are fully committed to complying with the GDPR regulation in all its aspects, and are continuously taking all necessary steps to protect the personal data processed by Clevercast. In addition, we also ensure that our platform is optimally secured and permanently available.
Secure and redundant platform
Our data is stored on our own servers located in private racks in multiple ISO 27001-compliant data centers at different geographical locations within the EU. All hardware and software is monitored 24/7, with automated alerts for possible threats or malfunctions. We use encryption technology to secure the transmission of data. We use encryption and other security measures to protect information stored on our systems.
The privacy and security of our clients and their users are of the utmost importance to us. Data is never shared, nor is it accessible to third parties.
Our cloud application is set up in such a way that it is permanently available. It is fully redundant, with multiple instances located in different geographic locations. In addition to our own CDN, live stream delivery is done through the global Akamai CDN. The uptime of our platform and CDNs are permanently monitored by Pingdom.
Ensuring GDPR compliance
In its role of data processor, Clevercast ensures that:
- your data is maximally secured
- every employee is perfectly aware of everything that GDPR entails
- if third parties are hired for custom projects, they work in accordance with the GDPR
- should there ever be a security breach, it will be reported to you asap
- we keep a data register – containing personal data categories and purposes – based on your information
- we can give you secure access to your data if requested, or provide a copy when you choose a different data processor
- all data is deleted when your plan ends
Our data processing agreement is an integral part of the terms of every plan and contract.
Clevercast Enterprise and privacy
Our Enterprise platform is only accessible via HTTPS (SSL encryption). Only name, email and password of administrators are stored. This data is only used for secure access to the web application and to determine a user’s permissions. An administrator can change this data and password at any time.
Clevercast player uses no tracking technology. Some settings are stored in local session storage in the browser, such as the audio level and language preferences of the player, but they are not linked to a user ID or other user information. The embedded player uses an encrypted connection to send the data necessary to generate statistics to Clevercast. Clevercast ensures that statistics cannot be traced back to individuals.
When an account is deleted, all personal data is also permanently deleted. This also applies to statistics and uploaded videos and recordings.
Clevercast Webinar and privacy
With respect to the personal data of administrators and the behaviour of our player, the privacy guarantees for our Webinar platform are the same as those of the Enterprise platform.
For webinars without registration, no data of participants is stored by Clevercast, with the exception of questions or chat messages (if enabled).
For webinars with registration, you determine whether which personal data of participants is requested and stored, as well the ways in which participants can interact. It is your responsibility to inform participants and seek their consent where necessary. Our webinar platform provides the necessary options to do so.
Any interaction of participants with Clevercast is SSL encrypted. Any personal or statistical data is only accessible to your administrators. They can delete the data of some or all participants at any time. When a webinar is deleted, all user data is also permanently deleted.
Impact of the GDPR
If you let Clevercast collect or process personal data from end users in the European Union, you are – as a data collector – responsible for doing so in accordance with the GDPR. This also applies if your company is located outside of the EU.
As a Clevercast customer you agree to be bound by our Data Processing Agreement, an addendum that is an integral part of our general terms and conditions. By doing so, you agree to keep us informed of all categories of personal data that you transfer to Clevercast for processing, and the purposes of processing. This way, we can keep a data register and inform you in the (unlikely) case of a security breach.
If you have any questions, please contact us.