EU General Data Protection Regulation (“GDPR”) Compliance Statement

Our Commitment

At Displayr, data security is a priority for us and, as such, compliance with the GDPR is necessary to maintain our firm commitment to the protection and safeguarding of the personal data that we collect and process. In order to be GDPR compliant, we have reviewed and updated, where necessary, all our data protection processes, policies and controls.

There are two categories of personal data that Displayr may have access to and our responsibilities with respect to each are different:

  1. Personal data that is part of Displayr or Q user accounts
  2. Personal data in data sources uploaded to Displayr or Q (i.e. your data)

1. Personal Data that is part of Displayr or Q user accounts

In accordance with Article 13 of the GDPR, we must be transparent as to the purpose and use of the data collected, as well as provide details as to which third parties will be in contact with this data. As outlined in our privacy policy and terms of use, collecting personal data is a contractual requirement in order to comply with our legal obligations and enable us to perform our duties as a business. We are required by law to keep this data according to our confidentiality agreements and applicable taxation laws. 

The personal data we collect is covered under ‘legitimate interest’ in Article 6 (f) as necessary in order to provide customers with our systems and offers and keep the business operating smoothly on a day-by-day basis.

We rely on various third parties to offer our services, which requires us to provide customer data securely to them for the following purposes:

  • Storing our databases securely: Microsoft Azure (USA) and Amazon Redshift (USA)
  • Communicating with customers and triallists regarding licensing, features, documentation, technical issues, satisfaction: Microsoft (USA), Dropbox (USA), Mailchimp (USA), Zendesk (USA), Intercom (USA), AskNicely (USA), Qualtrics (USA), Yesware (USA)
  • Managing and processing payments: PayPal (USA) and Xero (Australia)
  • Scheduling and managing video meetings: Calendly (USA), Zoom (USA), Zapier (USA) and Slack (USA)
  • Managing sales leads and customer contacts and statistics: Salesforce (USA), Pardot (USA), Segment (USA) and LinkedIn (USA)
  • Banking, accounting and tax (UK): Natwest, Brays Accounting, HMRC

Links to the Terms & Conditions of the above third parties are below:

Data Subject Rights

If individuals choose to enforce their data protection rights, we allow, as per Articles 12 to 23, them to request access to, amend, delete and restrict the processing of their personal data, as well as to lodge a complaint.

2. Personal data in data sources

Data which you upload or connect to Displayr or Q may contain personal data subject to GDPR and you are responsible for identifying this within your own data source.

You may export data from Displayr or Q (such as in a QPack, PowerPoint file, PDF or CSV file) and this export may contain personal data to the extent personal data is included in the data sources.

For Displayr and Q, you are the controller of personal data in your data sources and this means that you have certain responsibilities with respect to GDPR. These will include identifying personal data, keeping it secure, governing its use and facilitating the rights of data subjects.

For Displayr and Q, we are the processor of this personal data. Our terms of business state that we will comply with the GDPR requirements for data processors (https://www.displayr.com/terms-of-use/ and https://www.qresearchsoftware.com/license-terms).

Q is installed locally behind your own firewall and your data is not automatically transmitted to us. Our teams also do not have any built-in connection to your software that would enable them to access your data. Where R calculations are performed with Q, your data, which may include personal data, may be sent to our R servers. There is no storage or backup of this data.

We currently have servers in the US, Canada, the Netherlands and Australia. For Displayr we do not guarantee on which server your data will be stored. If you require this guarantee you should speak to your Displayr contact. We have incorporated standard contractual clauses into our terms of business as required for our EU customers.

Customer Requirements

We further require our customers to comply with our stringent data protection policies and only upload personal data for legitimate and necessary reasons whilst still conforming to minimisation rules if data cannot be made anonymous.

Questions

If you have any questions about this document and/or GDPR compliance, please contact us at:

Displayr
http://www.displayr.com
support@displayr.com

This document was last updated on April 20, 2020