The European General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. This article details GDPR compliance of Kiosk Browser Remote Management. Whilst our Privacy/Terms covers all aspects of GDPR we wanted to provide a clear document detailing the 12 points of GDPR.
For the purposes of this document SERVICE means Kiosk Browser Remote Management. WE means the company providing the SERVICE as per point 12.
Kiosk Browser Remote Management data is stored in the European Union, in situations where it is transferred and stored in the USA sub-processors are on the certified EU-US Privacy Shield framework.
Sub-processors:
We use a number of sub-processors all of which have confirmed their GDPR compliance or intention to be compliant by 25 May 2018. Each sub-processor is listed in our privacy policy, but for clarity we have included the current list of sub-processors.
Sub-processor: Auth0 | Office Location: USA | Purpose: Authentication
Sub-processor: SendGrid | Office Location: USA | Purpose: Email Notifications
Sub-processor: FastSpring | Location: USA | Purpose: eCommerce/Payment Provider
Sub-processor: Azure | Office Location: USA | Purpose: Hosting Provider
Sub-processor: Crisp (Chat) | Office Location: France | Purpose: Live Chat/Support Platform
Sub-processor: Google Firebase | Office Location: USA | Purpose: Cloud Messaging (Notification Service)
Pending
Sub-processor: Headway | Office Location: Poland | Purpose: Product Changelog
1. Awareness
Our employees, responsible for infrastructure, software development and support are fully aware of the concepts and principles of GDPR.
2. Information we hold
2.1 Customer Data (our users)
Email address and name
Device Locations (when registered to remote management)
Payment details - held by our payment processor/eCommerce provider: FastSpring
3. Communicating privacy information
Our privacy and terms are clearly communicated on our website.
4. Individuals’ rights
the right to be informed; we clearly inform our customers how we use their data via our clear Privacy Policy.
the right of access; our customers can access all of their data through our web application.
the right to rectification; our customers may Contact Us with any rectification queries.
the right to erasure; our customers may Contact Us with any erasure queries.
the right to restrict processing; our customers have the right, under certain circumstances, to restrict the processing of their data. In this case, we will not process their data for any purpose other than storing it.
the right to data portability; our customers may Contact Us to request a copy of their data in a common format (this may a while due to the distributed nature of our systems).
the right to object; our customers may Contact Us with any objections.
the right not to be subject to automated decision-making including profiling; we don't do this and have no plans to do this.
5. Subject access requests
We reply to all access requests within 4 weeks (the legal limit from GDPR is 1 month).
All access requests are free of charge.
6. Lawful basis for processing personal data
User Content is the lawful basis for any processing.
7. Consent
Consent is provided by our customers when signing up for the service and logged by us.
8. Children
This service is not available to Children (under the age of 16). Our product is strictly B2B (business-to-business)
9. Data breaches
You can read more on our security here.
We will notify customers and the relevant supervisory authority within 24 hours of a breach.
10. Data Protection by Design and Data Protection Impact Assessments
Security and Data Privacy always comes first when implementing new features, our Data Protection Officer is in involved at every stage of development.
11. Data Protection Officers
For the purposes of Kiosk Browser Remote Management and related services our Data Protection Officer is:
Richard Daw
Senior Systems Engineer
security@android-kiosk.com
12. International
We operate and are established in the UK (England), our supervisory authority is the ICO (Information Commisioner's Office) based in the UK.
Address: Unit 3 Castle Road, Chelston Business Park, Wellington, Somserset, TA21 9JQ United Kingdom
Company No: 5054551 (registered in England & Wales)
Companies using Kiosk Browser Remote Management and handling European user data may need to sign a Data Processing Agreement (DPA). You can find your DPA under My Account within the Remote Management Console (admin users only), including instructions on how to sign and return it.
For the purposes of this document SERVICE means Kiosk Browser Remote Management. WE means the company providing the SERVICE as per point 12.
Kiosk Browser Remote Management data is stored in the European Union, in situations where it is transferred and stored in the USA sub-processors are on the certified EU-US Privacy Shield framework.
Sub-processors:
We use a number of sub-processors all of which have confirmed their GDPR compliance or intention to be compliant by 25 May 2018. Each sub-processor is listed in our privacy policy, but for clarity we have included the current list of sub-processors.
Sub-processor: Auth0 | Office Location: USA | Purpose: Authentication
Sub-processor: SendGrid | Office Location: USA | Purpose: Email Notifications
Sub-processor: FastSpring | Location: USA | Purpose: eCommerce/Payment Provider
Sub-processor: Azure | Office Location: USA | Purpose: Hosting Provider
Sub-processor: Crisp (Chat) | Office Location: France | Purpose: Live Chat/Support Platform
Sub-processor: Google Firebase | Office Location: USA | Purpose: Cloud Messaging (Notification Service)
Pending
Sub-processor: Headway | Office Location: Poland | Purpose: Product Changelog
1. Awareness
Our employees, responsible for infrastructure, software development and support are fully aware of the concepts and principles of GDPR.
2. Information we hold
2.1 Customer Data (our users)
Email address and name
Device Locations (when registered to remote management)
Payment details - held by our payment processor/eCommerce provider: FastSpring
3. Communicating privacy information
Our privacy and terms are clearly communicated on our website.
4. Individuals’ rights
the right to be informed; we clearly inform our customers how we use their data via our clear Privacy Policy.
the right of access; our customers can access all of their data through our web application.
the right to rectification; our customers may Contact Us with any rectification queries.
the right to erasure; our customers may Contact Us with any erasure queries.
the right to restrict processing; our customers have the right, under certain circumstances, to restrict the processing of their data. In this case, we will not process their data for any purpose other than storing it.
the right to data portability; our customers may Contact Us to request a copy of their data in a common format (this may a while due to the distributed nature of our systems).
the right to object; our customers may Contact Us with any objections.
the right not to be subject to automated decision-making including profiling; we don't do this and have no plans to do this.
5. Subject access requests
We reply to all access requests within 4 weeks (the legal limit from GDPR is 1 month).
All access requests are free of charge.
6. Lawful basis for processing personal data
User Content is the lawful basis for any processing.
7. Consent
Consent is provided by our customers when signing up for the service and logged by us.
8. Children
This service is not available to Children (under the age of 16). Our product is strictly B2B (business-to-business)
9. Data breaches
You can read more on our security here.
We will notify customers and the relevant supervisory authority within 24 hours of a breach.
10. Data Protection by Design and Data Protection Impact Assessments
Security and Data Privacy always comes first when implementing new features, our Data Protection Officer is in involved at every stage of development.
11. Data Protection Officers
For the purposes of Kiosk Browser Remote Management and related services our Data Protection Officer is:
Richard Daw
Senior Systems Engineer
security@android-kiosk.com
12. International
We operate and are established in the UK (England), our supervisory authority is the ICO (Information Commisioner's Office) based in the UK.
Address: Unit 3 Castle Road, Chelston Business Park, Wellington, Somserset, TA21 9JQ United Kingdom
Company No: 5054551 (registered in England & Wales)
Companies using Kiosk Browser Remote Management and handling European user data may need to sign a Data Processing Agreement (DPA). You can find your DPA under My Account within the Remote Management Console (admin users only), including instructions on how to sign and return it.
Published on: 10 / 05 / 2018