GDPR

Guide for clients

This document contains information about Easel TV’s compliance with the GDPR regulations, which may be of help to Easel TV’s clients in assessing their own compliance.

Introduction

The Easel TV Software-as-a-Service (SaaS) platform provides an end-to-end technology solution for organisations wishing to deliver premium content to an audience. Those organisations are referred to as Easel TV’s “Clients” throughout this document, in part to distinguish the organisations from the end-user consumer “Customers” who will use each Client’s service.

In order to operate Easel TV’s cloud software platform, it is necessary to process and store Customers’ personal information and this therefore requires Easel TV to document what is held, why it is held, how long it is held for, how it is deleted and how it is justified in line with the GDPR regulations.

There are two types of data covered by this document:

  • Data processed and stored by Easel TV within the Easel TV platform on third-party cloud services (for example, Amazon Web Services) – This data is within Easel TV’s responsibility as a data processor and within the Client’s ultimate responsibility as the Client holds the commercial relationship with the Customers
  • Data processed and stored by third-parties on behalf of each Client, where the commercial relationship is between the Client and the third-party directly (for example, Stripe or Google Analytics) – This data is the Client’s responsibility

This document also covers the right of Customers to be forgotten and the right of Customers to request whatever data is held about them, to guide Clients on how to comply with these requirements when using Easel TV.

Note that not all Clients use all the data specified below; please select the relevant subset for your implementation of Easel TV.

This document also forms part of Easel TV’s policy for data storage and retention.

Key to each column in the tables

| Column | Purpose |
|---|---|
| Data stored | The specific item of data stored – what is it? |
| When collected? | What Customer actions result in the collection of this data? |
| GDPR reason? | Which GDPR justification applies to the collection of this data? This can be one of: Consent – the individual has given clear consent for you to process their personal data for a specific purpose. Contract – the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. Legal obligation – the processing is necessary for you to comply with the law (not including contractual obligations). Legitimate interests – the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. |
| Why captured? | The reason this data is processed and stored by Easel TV. What do we use it for? Why do we need it? This explains the GDPR reason for collection. |
| Where stored? | For data stored by Easel TV within its cloud platform, the contents of this column will usually be “AWS Aurora” or sometimes another third party. For data stored by third parties, this will usually either be “Stripe” or “Google Analytics”. |
| How long? | How long do we keep the data for? Why do we need to keep it that long? |
| Option to opt out? | Is there an option for the user to opt out of having this information captured on the Consent/Privacy pop-up/menus? |
| How deleted? | How will the data be deleted if the period expires, or if the Customer wants to be forgotten? |

Data stored by Easel TV

Easel TV stores data necessary to fulfil its role in operating its Client’s services. This data is necessary for Easel TV to fulfil its obligations under the Service Level Agreement (SLA) included in the contract with its clients.

Most data is stored in the AWS Aurora database which is operated as a service by Amazon Web Services (AWS). Security is managed using the Shared Responsibility Model for Container Services where AWS handles security of the infrastructure, network, operating system and application. This includes geographic redundancy with automatic failover and full daily backups. Easel TV handles the security of firewall configuration, data access and data integrity. This includes individual account access for the Easel TV application and administrators through encrypted channels only from the Easel TV office for the application infrastructure hosted by AWS.

Other data is held for error reporting in the Freshdesk system when reported by the Client. Most errors and incidents do not need Customer data to be recorded in Freshdesk and Easel TV recommends that customer data is only included where absolutely necessary to enable Easel TV to diagnose a problem.

| Data stored | When collected? | GDPR reason? | Why captured? | Where stored? | How long? | Option to opt out? | How deleted? |
|---|---|---|---|---|---|---|---|
| Name (first and last name) | Registration | Contract | To allow registration of user so they can use the service | AWS Aurora database | Until the account is deactivated | No | Customers contact customer support to ask for their account to be deactivated, in which case their name is permanently deleted from the system via the admin dashboard. See below. |
| Email (User ID for user's account) | Registration | Contract | To form the unique user ID for each user and to allow purchase receipts and marketing (if opted-in) to be sent | AWS Aurora database | Until the account is deactivated | No | Users can contact customer support and ask for their account to be removed, in which case the email is permanently deleted from the system. See below. |
| Postcode (if implemented) | Registration | Consent | To allow specific marketing campaigns if required - optional to user. This is not a compulsory field on registration as there is no postcode validation. | AWS Aurora database | Until the account is deactivated | Yes | Users can contact customer support and ask for their account to be removed, in which case the email is permanently deleted from the system. See section below. |
| Membership number (if implemented) | Registration | Contract | To allow membership discounts and benefits to be experienced | AWS Aurora database | Until the account is deactivated, the user removes it themselves via the website or by request via support. | Yes | Users can manage their membership numbers on the website if required and they can also contact customer support and ask for their membership number to be removed. |
| Gender (if implemented) | Registration | Consent (data is optional) | To enable relevant content and offers to be proposed to the end user | AWS Aurora database | Until the account is deactivated, the user removes it themselves via the website or by request via support | Yes | Users can edit their profile to remove this information or can request that Customer Services deactivate their account |
| Year of birth (if implemented) | Registration | Consent (data is optional) | To enable relevant content and offers to be proposed to the end user | AWS Aurora database | Until the account is deactivated, the user removes it themselves via the website or by request via support | Yes | Users can edit their profile to remove this information or can request that Customer Services deactivate their account |
| User agent (when registering on a browser) | Registration | Consent | For diagnostic reasons | AWS Aurora database | 30 days after relevant use | No | Disassociated when the account is deactivated. Users can contact customer support and ask for their account to be deactivated. See below. |
| Opt in/out status | Registration | Legal obligation | To capture if customers would like to receive marketing emails from our clients or not | AWS Aurora database | Until the account is deactivated | No | Disassociated when the account is deactivated. See below. |
| IP address | Registration / purchase / playback | Legitimate interests | IP address is stored for anti-piracy monitoring and diagnostics of territorial content rights controls | AWS Aurora database (multiple tables) | 24 months | No | Disassociated when the account is deactivated. See below. Removed through scheduled process. |
| Country and city (from geo-IP address check) | Registration / purchase / playback | Legitimate interests | Location is stored for anti-piracy monitoring and diagnostics of territorial content rights controls. | AWS Aurora database (multiple tables) | 24 months | No | Disassociated when the account is deactivated. See below. Removed through scheduled process. |
| Date of Place of Habitual Residence check | Prior to first purchase and every 2 years thereafter | Legal obligation | To record that we have checked the user's place of habitual residence under EU Portability rules. Note that this is the date the check was performed and not the location itself, which is not stored for this purpose. | AWS Aurora database (multiple tables) | Until next check is performed; first purchase after 24 months elapsed | No | Disassociated when the account is deactivated – see below – or replaced by more recent check after 24 months. |
| Usage - purchases | Purchase | Contract | Capture each financial transaction between our client and its customer. Our clients use this to report back to their suppliers to determine billing. | AWS Aurora database | Forever | No | Disassociated when the account is deactivated. See below. |
| Usage - entitlements | Playback | Legitimate interests | Our clients use this data to report back to their suppliers to determine billing, anti-piracy and territorial content rights controls | AWS Aurora database | Forever | No | Disassociated when the account is deactivated. See below. |
| Usage - bookmark | Playback | Consent and Legitimate interests | To allow playback to restart from the same point if the user pauses or changes device (Consent) and to measure usage to provide data for anti-piracy monitoring (Legitimate interests) | AWS Aurora database | 24 months | No | Disassociated when the account is deactivated. See below. Removed through scheduled process which aggregates total usage for each entitlement. |
| Usage - device | Sign-in on each device | Contract, Consent and Legitimate interests | To persist sign-in for users on multiple devices (Contract and Consent) and to manage devices. It is required so that the maximum number of devices is controlled (Legitimate interests) | AWS Aurora database | Until sign-out. Web sessions expire after 30 days’ inactivity. | No | Disassociated when the account is deactivated. See below. Web sessions expire after 30 days’ inactivity. |
| Audit of account deactivation | Account deactivation by Customer Service | Legitimate interests | To record that an account has been deactivated in order to demonstrate compliance with GDPR. | AWS Aurora database | Forever | NA | NA |
| Usage data: Video quality of experience monitoring | Viewing video | Consent (in Ts&Cs) and Legitimate Interest (for anti-piracy), though also anonymised | Product success measurement: quality of video experience. Anti-piracy | MUX | We advise 26 months | No | Automatically by MUX if policy set. 3 months? |
| Customer data – name and email | Customer complaints / queries | Legitimate interests | For customer incident diagnosis resulting from Customer contact with Client’s customer service. | Freshdesk, or equivalent helpdesk solution | 24-36 Months | No | Manual process, run annually on or around 1st January each year. |
| Error monitoring | Viewing video and navigation | Consent (in Ts&Cs) and Legitimate Interest; also anonymised | Error capturing and performance monitoring | Sentry | We advise 26 months | No | Automatically by MUX if policy set. |

Data stored by third-parties on behalf of Client

Whilst Easel TV is not responsible for data stored by third-parties where the commercial relationship is maintained by the Client directly with the third-party, we offer guidance as to how our Clients could meet their obligations under the GDPR regulations.

| Data stored | When collected? | GDPR reason? | Why captured? | Where is it stored? | How long? | Option to opt out? | How deleted? |
|---|---|---|---|---|---|---|---|
| Usage data: Traffic source | First visit to website | NA – Anonymised | Campaign measurement | Google Analytics | We advise 26 months | Yes | Automatically by Google if policy set |
| Usage data: User journey | Website navigation | NA – Anonymised | UX analysis | Google Analytics | We advise 26 months | Yes | Automatically by Google if policy set |
| Usage data: e-commerce | Purchase transactions | Contract, though also anonymised | Sales performance | Google Analytics | We advise 26 months | Yes | Automatically by Google if policy set |
| Usage data: Viewing data | Viewing video | Consent (in Ts&Cs) and Legitimate Interest (for anti-piracy), though also anonymised | Anti-piracy. Product success measurement | Google Analytics | We advise 26 months | Yes | Automatically by Google if policy set |
| Usage data: Video quality of experience monitoring | Viewing video | Consent (in Ts&Cs) and Legitimate Interest (for anti-piracy), though also anonymised | Product success measurement: quality of video experience. Anti-piracy | MUX | We advise 26 months | No | Automatically by MUX if policy set. 3 months? |
| Credit Card data | Customer enters card details during purchase | Consent | To facilitate purchases | Stripe (PCI compliant) | 7 years or longer; dependent on Stripe’s terms. | No | Automatically by Stripe |
| Credit Card data | Customer agrees to store card data during purchase | Consent | To streamline future purchases | Stripe (PCI compliant) | Until Customer chooses to delete or their account is deactivated | No | By Customer or Client agent |

The right to request data

If the Client receives a request from a Customer to disclose all data held, the best way to respond to this request is to send a screenshot of the Customer Service Screen for that Customer. Depending on the size and resolution of the screen being used by the Client’s staff, it may be necessary to capture more than one screen. We recommend that the screenshot is appropriately cropped and encrypted before it is emailed to the Customer, perhaps in a password-protected .ZIP file, or printed and sent securely by post.

Clients should be aware that copies of any email sent, such as in a sent folder, are also subject to GDPR regulations and that it must be possible to demonstrate compliance with such a request – so a record of the response must be kept, whether in email or another system such as Freshdesk, or whatever customer issue reporting system is in use. The Client has a legitimate interest in keeping this data.

The right to be forgotten

Under GDPR regulations, Customers may request that all data held about them is deleted.

The Easel TV cloud platform performs functions that mean that some data is contractually required to be retained or for which there is a legitimate interest by Easel TV or its Clients to retain data, as documented above. For this reason, when Customers request all data is deleted, Easel TV does not delete all data relating to a Customer but anonymises the Customer’s data record instead. This process is known as “Account Deactivation” and cannot be reversed. The deactivation itself is recorded as a “legitimate interest”, so that compliance with the regulations can be demonstrated through an audit trail. It is not possible to find the account through the customer management screens after deactivation by using any personal data. Deactivated accounts are given a randomised unique code.

All financial and usage reporting will include any transactions or usage from the anonymised account, but without any personal data. After an account is deactivated, it is possible for a Customer to create a new account with the same user ID as the deactivated account.