The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that mandates how an organization should handle personal data. The GDPR came into force on May 25, 2018.
The General Data Protection Regulation (GDPR) is aimed at giving end-users throughout the European Economic Area (EEA) and United Kingdom (UK) control over their personal data. GDPR applies to you if you are an end-user or business, located in the EEA or UK.
How our add-ons enable you to comply with GDPR policies
As a customer, you operate as the data controller and we are considered a data processor. You have the responsibility for ensuring that the personal data of subjects you are collecting is being processed lawfully and, similar to other controllers and processors that process personal data on behalf of a data controller, are expected to comply with the GDPR.
Data Storage and Processing
All your data is stored in your Google account, inside Google Calendar, Google Classroom, Google Sheets, or Google Drive. Our addons read the data directly from your data source and perform the necessary actions (like retrieving students list, classroom list, sending calendar invites, generating report) without transferring and storing any personally identifiable information (PII).
Our addons store the following data and strictly use them for the stated purpose only:
- Add-on owner’s email - for product license validation
We store and process this data in AWS DynamoDB (GDPR ready) and its servers are located in the Oregon, United States (West) data center.
All data are encrypted using the AWS owned CMK and stored in an encrypted table.
All the email messages were sent by Google Calendar and Google Classroom API. The email messages are not stored on our servers.
We use Google’ Stackdriver logging tool for error tracking and debugging errors. It includes stack traces, error messages and the logs do not include any PII data.
We use ChargeBee to manage your payments and subscriptions. The payment processors only provide the customer’s email address and, in the case of ChargeBee, the shipping address for generating invoice. We do not have access to any banking or credit card information of our customers.
We do not transfer, sell, make copies, or share any of your PII data processed by our Google Add-ons to third party services or companies. We only store data that is absolutely necessary for our add-ons to function.
You can use download and export all your attendee’s attendance information in Google Sheets. This allows for easier migration to other services.
Data Erasure (Right to be forgotten)
All addons have 30 days of data retention period, starting from the expiration date of the license. We will permanently delete all user’s data from the database when the data retention period is ended. You can also contact us to submit a deletion requires and, in compliance towards GDPR, we’ll permanently delete all your data.
If you uninstall a Google add-on, or revoke access to the addon from your Google Account, the add-on will not be able to access any of your data after the 30 days data retention period.
Our Google add-on use your own G Mail account to send emails and invitations. Our tools only facilitate your compliance to GDPR, your practice in handling the attendee’s data is key to complying with GDPR.