
Sarcon & GDPR 

We have been hard at work building tools and creating processes in accordance with the GDPR. Below we explain our initiatives and methods to ensure compliance with the GDPR for ourselves and for our customers.

Overview of GDPR and Sarcon

1

What do I need to know when talking GDPR?

The Data Controller
GDPR Definition: The term “data controller” means a person or entity that (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed.

What does it mean?

The Data Controller is you – the Sarcon customer or the event organizer. Whether you are a corporation, an event organizer, an association, etc., you own the data and bear the responsibility for your customers’ data, regardless of the technology you use to handle it.

The Data Processor
GDPR Definition: The term “data processor”, in relation to personal data, means any person (other than an employee of the data controller) or entity that processes personal data on behalf of the data controller.

“Processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including—collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

What does it mean?

The data processor is Sarcon. While both parties must align on compliance, the burden of compliance rests with the controller. To manage this burden, the data controller is responsible for building procedures with their data processor to ensure compliance.

The role of the processor is to assist the controller in this regard, as a controller will often have a GDPR compliance process that involves multiple data processors.

2

Where is user data stored?

We treat all personal data that we collect and process with the utmost care. Virtually all user data is hosted on Google Cloud. Google Cloud's data centers follow the highest security and privacy standards and are GDPR compliant (find Google Cloud's GDPR policy here).

Some of the conference data, like the agenda and public information, is stored on Fortrabbit. Fortrabbit is also GDPR compliant (find their GDPR policy here).

Clients can upload their conference data directly into the CMS from their computer. If they need assistance from one of our project managers and send us sensitive conference data, we secure these files in Google Drive folders that can only be accessed by relevant team members.

3

What is your personally identifiable information (PII) removal process like?

To comply with the GDPR requirements pertaining to personally identifiable information (PII) removal, Sarcon has developed processes and internal tooling to accommodate requests.


Data Removal Process
All GDPR customer requests will be executed within 30 days of receipt. If the individual requests that their data be purged and that data was also shared with third parties (e.g. exhibitors), then those companies will also be notified of the deletion request.



Steps to take for data removal requests:
1) The user must contact Sarcon at its privacy support email (email available in the Contact section).
2) The request email must be sent from the email ID used to log in/register to our products (in order to establish identity).
     It is important that this request is made by the user themselves and is not forwarded by third parties such as the event organisers.
3) Email subject: PII removal request
4) Mention the email and name of the user to be deleted, along with the product (Mobile app, Online Registration) and the event name (mention the date of the event).



Removal process 
1) In the event that the user data is found on our servers and we have established the requester's identity, the data will be erased in 30 days.

4

What is your procedure for reporting data breaches?

Our top priority is to keep your data secure. Detecting data breaches is important, yet complicated, because they can only be detected after they have happened. We are constantly working on improving our security processes and making them even more precise. When a data breach is detected, we will always be transparent about it to all our clients and users and report the incident within 72 hours to the authorities.
