GDPR Compliance

Last modified on 20/10/20

Restream has made commercially reasonable efforts to provide detailed overview of our GDPR compliance and how Restream supports your business to operate within the confines of this regulation. Especially when it comes to customer data and its verification through the Restream Live Video Streaming Service. But it is still advised to engage services of a legal counsel to have a better understanding of GDPR compliance and the liabilities that come along with it for your organization. The following compliance guide is the practices, procedures and upgrades introduced in the internal working of Restream to make its services GDPR complaint.

Here is a summary of GDPR sections that are applicable to users of Restream services.


Cookies

GDPR only allows collection of user data for a legal reason. Restream only collects data for verification purposes as per the legal agreement signed by Restream and its customers in the Terms of Use. This data will be limited to verification of the credentials, identity or any other related verification that was required by our customers to be provided as per the legal agreement.

Lawful Basis

GDPR only allows collection of user data for a legal reason. Restream only collects data for verification purposes as per the legal agreement signed by Restream and its customers in the Terms of Use. This data will be limited to verification of the credentials, identity or any other related verification that was required by our customers to be provided as per the legal agreement.

We have even added a consent button at the form where a customer is supposed to fill its identification details. We also provide the option for customers to go through our data protection, privacy policy and Terms & Conditions, to ensure full transparency.

Deletion

GDPR requires Restream to forget and delete the user data when requested by the user. Restream has taken steps to provide full control to the end-users about their data that they have submitted for identity verification for login. This can be deleted via their account settings or contacting a Customer Service Representative via chat or email.

Restream Plan for GDPR Compliance

Restream Users and Enterprise partners should feel confident that we are both knowledgeable and compliant with General Data Protection Regulation (GDPR) that are under our control. This directive set by the European Union, a legislation that set forth guidelines regarding how information is collected and how it is processed and used.

The GDPR legislation was formed to harmonize data privacy laws across Europe. Empowering all EU citizen’s data privacy in the process, and to reshape how organizations approach data privacy in a secure and transparent manner.

At Restream, we deploy commercially reasonable efforts to assist our users, businesses and our clients. To help them understand, what the GDPR means for their businesses and to assist them in establishing a compliant process of their own. Considering that aspect, we have made great improvements to our Restream platform to ensure that we stand at par with the critical components of GDPR measures.

The Restream Process:

Let us say that Daniel Streamer is a potential customer and lives in France. He is called the Data Subject, and the service provider, is called the Controller of his data. Since Restream is verifying the credentials of Daniel, then that makes Restream, the Processor.

How Daniel might interact with Restream:

  • An Enterprise Ecommerce partner integrates Restream with their online business/portal/app
  • Daniel approaches the Online Business and is redirected to a landing page where Restream Verification is carried out.
  • Or Daniel goes directly to Restream.io and enters relevant credentials (email Address and password)
  • Restream uses STRIPE for payment collections, so Restream does NOT retain any Credit or Debit card info.
  • Restream does NOT collect Date of Birth, Physical Address, Social Security Numbers or other overly sensitive PII (Personal Identifiable Information).
  • Based on the results of a verification of Daniels username and password only, he is Verified or Not Verified to use the Restream service.

All the above stated steps gather user data from the Data Subject on behalf of
Controller that is passed on to Processor. Following are various aspects of our data protection policy, privacy policy and Terms & Conditions that control the entire process, under the guidelines of GDPR

User Data

User Data means any data, content, code, video, images, or other materials of any type that User uploads, submits or otherwise transmits to or through Services. User will retain all right, title, and interest in and to User Data in the form provided to restream.io. Restream stores data on industry secured servers located in EEA zone, and are monitored. Subject to the terms of this Agreement, you hereby grant to Restream a non-exclusive, worldwide, royalty-free right to:

(a) collect, use, copy, store, and transmit User Data (Video, Graphics), in each case solely to the extent necessary to provide the applicable Services to Client

(b) Client hereby grants to Restream all necessary rights to use, reproduce, modify, create derivative works from, distribute, perform, transmit and display the User solely to the extent necessary to provide the Services which will include the right for Restream to grant equivalent rights to its service providers that perform services that form part of or are otherwise used to perform the Services.

Access to Data

The Services may delete any stored items in storage upon expiration or termination of this Agreement. Restream will have no responsibility or liability for storing and deleting items in accordance with our Terms of Use agreement.

User Data Collected by Restream

You may instruct us to provide you with any personal information we hold about you; Restream only collects the following information (mostly nonapplicable to GDPR):
  • ip address
  • username
  • password (hash encrypted)
  • email address
  • timezone created_at time
  • google_token
  • blog_posts_read
  • stripe_id for Restream to verify payment was made for accessing the service
  • selected_language
  • two_factor_auth

In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for Restream marketing purposes. Restream DOES NOT SELL any user data.

Automated decision-making

We may use your personal data for the purposes of automated decision-making in relation to our live video stream service. This automated decision-making will involve checking the info provided by you and matching that with the identity information provided by you.

Identity Verification

Restream employs simple user named accounts, email address and password only. Unless otherwise stated in the Standard Agreement, the Verifications parameters include:
  • User Name
  • Email address
  • Customized Service parameters (Paid Plans)

Users Individual Rights Request

The GDPR enhances the rights of individuals in several ways.

Access and Privileges

User can request access to the personal data they have shared with Restream about their account. Personal data is anything identifiable, like his name and email address. If they requests access, Restream (as the processor) will provide a copy of the data, in most cases in machine-readable format (e.g. CSV or XLS).

A client can seek access to their data by asking Restream of what they require at legal@restream.io. We at Restream believe to be at legal and moral obligation to facilitate any manner of an individual rights request.

Modification

In the manner same as accessing information, user can request Restream to modify their personal data, if it is inaccurate, incomplete or requires any sort modification or amendment.

The GDPR requires that a company be able to accommodate modification requests, as and when required.

Deletion

Under the GDPR, users have the right to request that Restream delete all personal data it has collected from them. GDPR requires Restream to permanently remove users contact from their database, including verification results, all personal information, saved images/video, form submission data and credit card data.

In a GDPR compliant manner, a client can seek to have their data deleted by querying Restream at legal@restream.io. The Data protection officer at Restream will respond back within a 30-day period.