Restream has made commercially reasonable efforts to provide detailed overview of our GDPR compliance and how Restream supports your business to operate within the confines of this regulation. Especially when it comes to customer data and its verification through the Restream Live Video Streaming Service. But it is still advised to engage services of a legal counsel to have a better understanding of GDPR compliance and the liabilities that come along with it for your organization. The following compliance guide is the practices, procedures and upgrades introduced in the internal working of Restream to make its services GDPR complaint.
Here is a summary of GDPR sections that are applicable to users of Restream services.
GDPR requires Restream to forget and delete the user data when requested by the user. Restream has taken steps to provide full control to the end-users about their data that they have submitted for identity verification for login. This can be deleted via their account settings or contacting a Customer Service Representative via chat or email.
Restream Plan for GDPR Compliance
Restream Users and Enterprise partners should feel confident that we are both knowledgeable and compliant with General Data Protection Regulation (GDPR) that are under our control. This directive set by the European Union, a legislation that set forth guidelines regarding how information is collected and how it is processed and used.
The GDPR legislation was formed to harmonize data privacy laws across Europe. Empowering all EU citizen’s data privacy in the process, and to reshape how organizations approach data privacy in a secure and transparent manner.
At Restream, we deploy commercially reasonable efforts to assist our users, businesses and our clients. To help them understand, what the GDPR means for their businesses and to assist them in establishing a compliant process of their own. Considering that aspect, we have made great improvements to our Restream platform to ensure that we stand at par with the critical components of GDPR measures.
The Restream Process:
Let us say that Daniel Streamer is a potential customer and lives in France. He is called the Data Subject, and the service provider, is called the Controller of his data. Since Restream is verifying the credentials of Daniel, then that makes Restream, the Processor.
How Daniel might interact with Restream:
- An Enterprise Ecommerce partner integrates Restream with their online business/portal/app
- Daniel approaches the Online Business and is redirected to a landing page where Restream Verification is carried out.
- Or Daniel goes directly to Restream.io and enters relevant credentials (email Address and password)
- Restream uses STRIPE for payment collections, so Restream does NOT retain any Credit or Debit card info.
- Restream does NOT collect Date of Birth, Physical Address, Social Security Numbers or other overly sensitive PII (Personal Identifiable Information).
- Based on the results of a verification of Daniels username and password only, he is Verified or Not Verified to use the Restream service.
All the above stated steps gather user data from the Data Subject on behalf of
User Data means any data, content, code, video, images, or other materials of any type that User uploads, submits or otherwise transmits to or through Services. User will retain all right, title, and interest in and to User Data in the form provided to restream.io. Restream stores data on industry secured servers located in EEA zone, and are monitored. Subject to the terms of this Agreement, you hereby grant to Restream a non-exclusive, worldwide, royalty-free right to:
(a) collect, use, copy, store, and transmit User Data (Video, Graphics), in each case solely to the extent necessary to provide the applicable Services to Client
(b) Client hereby grants to Restream all necessary rights to use, reproduce, modify, create derivative works from, distribute, perform, transmit and display the User solely to the extent necessary to provide the Services which will include the right for Restream to grant equivalent rights to its service providers that perform services that form part of or are otherwise used to perform the Services.
Access to Data
User Data Collected by Restream
You may instruct us to provide you with any personal information we hold about you; Restream only collects the following information (mostly nonapplicable to GDPR):
- ip address
- password (hash encrypted)
- email address
- timezone created_at time
- stripe_id for Restream to verify payment was made for accessing the service
In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for Restream marketing purposes. Restream DOES NOT SELL any user data.
We may use your personal data for the purposes of automated decision-making in relation to our live video stream service. This automated decision-making will involve checking the info provided by you and matching that with the identity information provided by you.
Restream employs simple user named accounts, email address and password only. Unless otherwise stated in the Standard Agreement, the Verifications parameters include:
- User Name
- Email address
- Customized Service parameters (Paid Plans)
Users Individual Rights Request
The GDPR enhances the rights of individuals in several ways.
Access and Privileges
User can request access to the personal data they have shared with Restream about their account. Personal data is anything identifiable, like his name and email address. If they requests access, Restream (as the processor) will provide a copy of the data, in most cases in machine-readable format (e.g. CSV or XLS).
A client can seek access to their data by asking Restream of what they require at firstname.lastname@example.org. We at Restream believe to be at legal and moral obligation to facilitate any manner of an individual rights request.
In the manner same as accessing information, user can request Restream to modify their personal data, if it is inaccurate, incomplete or requires any sort modification or amendment.
The GDPR requires that a company be able to accommodate modification requests, as and when required.
Under the GDPR, users have the right to request that Restream delete all personal data it has collected from them. GDPR requires Restream to permanently remove users contact from their database, including verification results, all personal information, saved images/video, form submission data and credit card data.
In a GDPR compliant manner, a client can seek to have their data deleted by querying Restream at email@example.com. The Data protection officer at Restream will respond back within a 30-day period.