GDPR Compliance and Data Security Are Top Priorities for Us
At Livingroom, we are commited to securing our customers' data by following the best in breed frameworks and security standards.
What Is GDPR?
In May 2018, the European Union introduced the General Data Protection Regulation to give people more control over how their personal data is collected and processed. Companies have to adhere to new standards of security, data storing, transparency, and accountability.
Livingroom Commitment to GDPR
Aspiring to be the leading employee engagement solutions provider, Livingroom Analytics takes GDPR seriously and it is our top priority to comply with GDPR. As a customer of Livingroom Analytics, you should know that we have put effective measures in place to protect the personal data of our customers, employees and other stakeholders. It’s more than words. Our commitment is demonstrated in practice through a number of policies, the provision of appropriate resources, as well as effective information security controls.
Employee Awareness Training
A policy is in place for the protection of personal data within Livingroom Analytics, which has been approved by management and communicated to all employees. All our employees have received awareness training regarding data protection, the GDPR, and information security, and understand their roles in the protection of personal data.
Personal Data Analysis
As part of meeting our legal obligations, we have put in place a comprehensive program to understand and validate our use of personal data. Among others, we have identified the personal data we process, including where special categories are involved, and we have established the lawful basis of the processing under the GDPR.
Data Processing Agreement
When Livingroom Analytics is gathering, storing and analyzing employee engagement and performance data on behalf of the customer, we operate as the data processor while the customer is the data controller. Acting as a data processor, we have contractually committed to complying with the requirements of the GDPR. Along with our terms of service, we provide an amended, pre-signed data processing agreement, that form the contractual basis of GDPR compliance with our customers
In those cases where our processing is based on consent, e.g. when employee surveys are collected through our employee app, we have taken steps to ensure clear, free consent has been given and is recorded. In this way, we assist our customers, acting as data controllers, in gathering employee consent and demonstrating data transparency.
Rights of the Employees – You’re in Control
Under the GDPR, data subjects have a number of rights that can be exercised, e.g. the right to access personal data, the right to rectify data and the right to erasure data. We are dedicated to assist our customers in fulfilling their obligations as data controllers in respect to these rights. Most importantly, we have designed Livingroom to provide customers with as much control over their employee data as possible. If needed, however, we also have procedures in place to promptly process and fulfil data subject access requests.
As part of our efforts in fulfilling our role as data processor, we also make sure that our subcontractors and sub-processors are GDPR compliant and follow the same strict data security standards as we do. Livingroom Analytics is running on the Microsoft Azure platform and customer data is securely stored within EEA at Microsoft data centers, meeting top industry standards for security.
Impact Assessment & Data Breach Management
As part of our commitment to GDPR, Livingroom Analytics also makes an effort to analyze risks and take measures to protect personal rights accordingly. Where appropriate, we have performed data protection impact assessments. We have also prepared ourselves for possible breaches in line with GDPR guidelines and established procedures to fulfil our obligations in the event of a breach of personal data
Data and Information Security Policies
Our business is built on data. Thus, information security is a top priority to us. In our efforts to protect ourselves, we seek to follow leading industry standards and are constantly evaluating and improving our practice. We have put a number of policies and other controls in place to provide appropriate protection of personal data, based on a careful assessment of risk.
To ensure complete organziational and application security, we are also commited and actively working to obtain an ISO 27001 certification.
Lawfullness, Fairness, and Transparency
As a controller of own data and as a processor of employee data on behalf of our customers, we are always open, honest, and fair about the grounds of its collection and use.
We take all the reasonably steps to ensure the personal data we hold is not incorrect or misleading, by assisting and granting access to our customers to modify or delete their personal data at any time.
We never keep our customers' data for longer than we need to and always communicate the retention period.
As data processors, we are clear, from the beginning, about our purposes for processing personal data and specify them in a privacy document for customers and employees to understand.
We make sure the personal data we process is relevant, adequate, and limited to what is necessary to deliver our services.
We take responsibility for what we do with our personal data and we have appropriate measures to demonstrate our compliance.
Watch our 2-minute product video!