Ediflo Data Protection

Introduction

This page provides information on the Ediflo services affected by the upcoming General Data Protection Regulation (GDPR).

What is the GDPR?

GDPR is the General Data Protection Regulation. It comes into effect from 25 May 2018. It sets out a series of new EU laws concerning how data is processed and used. The objective of the regulation is to strengthen and standardize data protection laws for all EU citizens. These regulations will apply to any organisation that controls and/or processes data on behalf of an individual or group of individuals. Those responsible for adhering to these regulations include employees of the organisation, including contractors, consultants, agents and third parties who have access to data either directly or indirectly.

What does this mean for Ediflo Customers?

The GDPR imposes obligations on Data Controllers and Data Processors. Ediflo customers act as the Data Controller for any personal data about their end-users they provide to Ediflo in connection with their use of the platform, and Axonista Ltd which owns and operates Ediflo is, generally, a Data Processor.

What do we mean by Ediflo?

Axonista Ltd, owns and operates the interactive video content management platform, Ediflo. Ediflo in this context refers to following product services, which may be involved with the processing of personal data for your organisation:

What does this mean for Data Controllers?

The data we process is under the customer's control. Controllers are responsible for obligations like fulfilling an individual's rights with respect to their personal data.

If you are a customer, and would like to understand your responsibilities as a Data Controller, you should familiarize yourself with the provisions of the GDPR, and check on your compliance plans.

Key questions to consider:

Does my organisation need to make changes to our applications which send personal data to Ediflo?

If you do not have a lawful basis to send personal data to Ediflo, you will need to obtain it. A common method is requesting consent from your Data Subjects, but there are other less intrusive methods too.

In a Data Processor role, Axonista Ltd assumes that the personal data that is sent to Ediflo has the proper lawful basis for its use. This means that any applications can be used to send personal data to Ediflo as long as you have gained the proper Lawful basis to do so, whether via consent from the user, or another basis.

For applications that are managed by Axonista Services Team, please contact us at dpo@axonista.com or your project manager to discuss methods of acquiring a lawful basis to send Ediflo personal data.

Data Protection Officer

Our Data Protection Officer oversees how we process and protect your information to ensure your Data Subject rights are fulfilled. You can contact our Data Protection Officer at dpo@axonista.com.

What forms of personal data might you be sending to Ediflo?

There are two sources of end-user personal data processed by Ediflo. Each from a different Ediflo service.

Ediflo Analytics

Personal data posted to Ediflo:
  • IP address
How the data is processed:
The IP address is used to infer an approximate location for the user via a commercial IP address to location database.

Location includes:
  • Country
  • City
  • DMA Code (for USA)
  • Zipcode (for USA)
How data helps provide the service:
  • Knowledge of the user’s country allows Ediflo to enforce content rights restrictions.
  • Knowledge of the user’s approximate location allows Ediflo to provide improved content recommendations to users.
Standard retention policy:
  • The location data will be retained for no longer than 24 months.

Remoco Users

Personal data posted to Ediflo:
  • Email Addresses
  • Passwords
  • Name
How data helps provide the service:
  • The service uses the data to enable end-user authentication, and facilitate end-user account management.
Standard retention policy:
  • The data will be retained until the user revokes their registration
If you wish to use a retention policy that’s different to our standard, please contact us at dpo@axonista.com.

How we keep your information safe

Ediflo is run on cloud platforms. Our cloud service providers act as Data Processors for Ediflo.

The providers are:

Axonista has received communication from these platforms informing us that they are GDPR compliant.

In addition to our technical controls, our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your end-user rights are fulfilled. Our Data Protection Officer advises on how we can best understand risks to your data rights and freedoms, implemented processes to protect these and has responsibility to report to the Data Protection Authorities if we are not meetings our obligation.

When you contact us to ask about your information, we may ask you to identify yourself. This is to help us protect your information.

International transfers of data

We may transfer your personal information outside of the European Economic Area (EEA) to help us provide your products and services. We expect the same standard of data protection is applied outside of the EEA to these transfers and the use of the information, to ensure your rights are protected.

Handling Access Requests

Please contact us at dpo@axonista.com to do so.

Ediflo has the ability to handle the range of possible access requests. It will be performed on case by case basis. Please contact us as soon as possible if an access request occurs.

Key Definitions:

Consent – of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data Controller – is a natural or legal person, public authority, agency or other body who determine the purpose and means of the processing - of personal data, where the purposes and means of such processing are determined by Union or Member State law. Ediflo Customers are considered a Data Controller, as they process personal data on behalf of both their customers.

Data Processor – in relation to personal data, means any natural or legal person (other than an employee of the Data Controller), public authority, agency or another body who processes personal data under the direction of, and on behalf of a Data Controller. Ediflo is considered a data processor, as they process personal data on behalf of Third Parties. Additionally, Third Parties engaged by Ediflo to process personal data are considered Data Processors.

Data Protection Officer – The Data Protection Officer oversees how we collect, use, share and protect information.

General Data Protection Regulation (‘GDPR’) – is a regulation intended to strengthen and unify data protection for all individuals within the European Union (‘EU’). Non-compliance of GDPR can result in fines the higher of €20 million or up to 4% of Axonista’s turnover. The aim of the GDPR is to reinforce data protection rights of individuals and facilitate the free flow of personal data. It applies to all data controllers and processors established in the EU, as well as those established outside the EU that process the data of EU citizens.

Lawful basis – Processing of data is lawful only if and to the extent that at least one of the following applies:

Personal Data – is any data relating to an identified or identifiable natural person (‘Data Subject’), who may be identified from the data either on its own (directly) or in conjunction with other data (indirectly), in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing – means obtaining, recording or holding the information or data, whether or not by automated means, or carrying out any operation or set of operations on the information including: