Steps Clipsource are taking to be GDPR compliant by May 25.
Our role (service provider) as a data processor
Providing software and services to a company, we’re acting as a data processor for the personal data clients ask us to process and store as part of providing the services. As a data processor, we will only process personal data in accordance with a client’s permission and instructions — for example, as set out in an agreement with us. Whenever a client need our assistance with any individual consumer/user request, we will facilitate them through processes and tools to help the data controller respond.
Your role (client) as a data controller
As the data controller, you are responsible for the personal data we process and store on your behalf. As a controller, you will be responsible to individuals who engage with your brands detailing how you collect and use information, for what purposes and how you obtain consents. If those individuals want to know what data you maintain about them or decide they want to discontinue their relationship with you, it is your responsibility to adhere to those requests.
Security and privacy compliance
We implement a set of certified security processes and controls to help protect the data entrusted to us. This helps us comply with several security and privacy certifications, standards, and regulations.
Transparency and choice
With GDPR comes an increased emphasis on data collection best practices, data controller transparency, and consumer choice — all of which play a meaningful role in the customer/user experience. Information and compliance processes are updated to the Clipsource platform to follow GDPR guidelines in terms of:
The right to be informed
Upon any request for data, Clipsource must be as clear as possible on what data is stored and for what purpose we store it. We make sure users are able to find information about what data is stored on the Clipsource platform and also how they contact clients (data controllers) with any queries they may have.
The right to access
Individuals who wish to scrutinise the use of their data will have the right under the regulation to access that data and confirm the lawfulness of its use.
The right of rectification
Data subjects have the right to correct any incorrect information stored about them — swiftly, clearly and without undue delay.
Right to erasure
Also known as the ‘Right to be Forgotten’ - a data subject can request the erasure of their personal data.
Privacy by design
We have identified a set of strategies that steer the design of our systems towards privacy-preserving implementations (data minimization), such as avoiding storing more data than needed.
Documents and necessary evidence to demonstrate compliance to provide data controllers with.
For any possible data breaches we will also have in place:
Data breach notification process for reporting data breaches to clients.
We will add a timestamp to when users were added to the system and also identify any contacts that has not given consent.
Consent existing contacts - pre May 25
We will refresh existing consents and send to active contacts.
We will facilitate calling upon non-registered contacts to register with the service.
We will delete any non-active contacts (that can’t receive information because of a non-working email address).