GDPR
Guide for clients
This document contains information about Easel TV’s compliance with the GDPR regulations, which may be of help to Easel TV’s clients in assessing their own compliance.
Introduction
The Easel TV Software-as-a-Service (SaaS) platform provides an end-to-end technology solution for organisations wishing to deliver premium content to an audience. Those organisations are referred to as Easel TV’s “Clients” throughout this document, in part to distinguish the organisations from the end-user consumer “Customers” who will use each Client’s service.
In order to operate Easel TV’s cloud software platform, it is necessary to process and store Customers’ personal information and this therefore requires Easel TV to document what is held, why it is held, how long it is held for, how it is deleted and how it is justified in line with the GDPR regulations.
There are two types of data covered by this document:
- Data processed and stored by Easel TV within the Easel TV platform on third-party cloud services (for example, Amazon Web Services) – This data is within Easel TV’s responsibility as a data processor and within the Client’s ultimate responsibility as the Client holds the commercial relationship with the Customers
- Data processed and stored by third-parties on behalf of each Client, where the commercial relationship is between the Client and the third-party directly (for example, Stripe or Google Analytics) – This data is the Client’s responsibility
This document also covers the right of Customers to be forgotten and the right of Customers to request whatever data is held about them, to guide Clients on how to comply with these requirements when using Easel TV.
Note that not all Clients use all the data specified below; please select the relevant subset for your implementation of Easel TV.
This document also forms part of Easel TV’s policy for data storage and retention.
Key to each column in the tables
Column | Purpose |
---|---|
Data stored | The specific item of data stored – what is it? |
When collected? | What Customer actions result in the collection of this data? |
GDPR reason? | Which GDPR justification applies to the collection of this data? This can be one of: Consent – the individual has given clear consent for you to process their personal data for a specific purpose. Contract – the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. Legal obligation – the processing is necessary for you to comply with the law (not including contractual obligations). Legitimate interests – the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. |
Why captured? | The reason this data is processed and stored by Easel TV. What do we use it for? Why do we need it? This explains the GDPR reason for collection. |
Where stored? | For data stored by Easel TV within its cloud platform, the contents of this column will usually be “AWS Aurora” or sometimes another third party. For data stored by third parties, this will usually either be “Stripe” or “Google Analytics” |
How long? | How long do we keep the data for? Why do we need to keep it that long? |
Option to opt out? | Is there an option for the user to opt out of having this information captured on the Consent/Privacy pop-up/menus? |
How deleted? | How will the data be deleted if the period expires, or if the Customer wants to be forgotten? |
Data stored by Easel TV
Easel TV stores data necessary to fulfil its role in operating its Client’s services. This data is necessary for Easel TV to fulfil its obligations under the Service Level Agreement (SLA) included in the contract with its clients.
Most data is stored in the AWS Aurora database which is operated as a service by Amazon Web Services (AWS). Security is managed using the Shared Responsibility Model for Container Services where AWS handles security of the infrastructure, network, operating system and application. This includes geographic redundancy with automatic failover and full daily backups. Easel TV handles the security of firewall configuration, data access and data integrity. This includes individual account access for the Easel TV application and administrators through encrypted channels only from the Easel TV office for the application infrastructure hosted by AWS.
Other data is held for error reporting in the Freshdesk system when reported by the Client. Most errors and incidents do not need Customer data to be recorded in Freshdesk and Easel TV recommends that customer data is only included where absolutely necessary to enable Easel TV to diagnose a problem.
Data stored | When collected? | GDPR reason? | Why captured? | Where stored? | How long? | Option to opt out? | How deleted? |
---|---|---|---|---|---|---|---|
Name (first and last name) | Registration | Contract | To allow registration of user so they can use the service | AWS Aurora database | Until the account is deactivated | No | Customers contact customer support to ask for their account to be deactivated, in which case their name is permanently deleted from the system via the admin dashboard. See below. |
Email (User ID for user's account) | Registration | Contract | To form the unique user ID for each user and to allow purchase receipts and marketing (if opted-in) to be sent | AWS Aurora database | Until the account is deactivated | No | Users can contact customer support and ask for their account to be removed, in which case the email is permanently deleted from the system. See below. |
Postcode (if implemented) | Registration | Consent | To allow specific marketing campaigns if required - optional to user. This is not a compulsory field on registration as there is no postcode validation. | AWS Aurora database | Until the account is deactivated | Yes | Users can contact customer support and ask for their account to be removed, in which case the email is permanently deleted from the system. See section below. |
Membership number (if implemented) | Registration | Contract | To allow membership discounts and benefits to be experienced | AWS Aurora database | Until the account is deactivated, the user removes it themselves via the website or by request via support. | Yes | Users can manage their membership numbers on the website if required and they can also contact customer support and ask for their membership number to be removed. |
Gender (if implemented) | Registration | Consent (data is optional) | To enable relevant content and offers to be proposed to the end user | AWS Aurora database | Until the account is deactivated, the user removes it themselves via the website or by request via support | Yes | Users can edit their profile to remove this information or can request that Customer Services deactivate their account |
Year of birth (if implemented) | Registration | Consent (data is optional) | To enable relevant content and offers to be proposed to the end user | AWS Aurora database | Until the account is deactivated, the user removes it themselves via the website or by request via support | Yes | Users can edit their profile to remove this information or can request that Customer Services deactivate their account |
User agent (when registering on a browser) | Registration | Consent | For diagnostic reasons | AWS Aurora database | 30 days after relevant use | No | Disassociated when the account is deactivated. Users can contact customer support and ask for their account to be deactivated. See below. |
Opt in/out status | Registration | Legal obligation | To capture if customers would like to receive marketing emails from our clients or not | AWS Aurora database | Until the account is deactivated | No | Disassociated when the account is deactivated. See below. |
IP address | Registration / purchase / playback | Legitimate interests | IP address is stored for anti-piracy monitoring and diagnostics of territorial content rights controls | AWS Aurora database (multiple tables) | 24 months | No | Disassociated when the account is deactivated. See below. Removed through scheduled process. |
Country and city (from geo-IP address check) | Registration / purchase / playback | Legitimate interests | Location is stored for anti-piracy monitoring and diagnostics of territorial content rights controls. | AWS Aurora database (multiple tables) | 24 months | No | Disassociated when the account is deactivated. See below. Removed through scheduled process. |
Date of Place of Habitual Residence check | Prior to first purchase and every 2 years thereafter | Legal obligation | To record that we have checked the user's place of habitual residence under EU Portability rules; Note that this is the date the check was performed and not the location itself, which is not stored for this purpose. | AWS Aurora database (multiple tables) | Until next check is performed; first purchase after 24 months elapsed | No | Disassociated when the account is deactivated – see below – or replaced by more recent check after 24 months. |
Usage - purchases | Purchase | Contract | Capture each financial transaction between our client and its customer. Our clients use this to report back to their suppliers to determine billing. | AWS Aurora database | Forever | No | Disassociated when the account is deactivated. See below. |
Usage - entitlements | Playback | Legitimate interests | Our clients use this data to report back to their suppliers to determine billing, anti-piracy and territorial content rights controls | AWS Aurora database | Forever | No | Disassociated when the account is deactivated. See below. |
Usage - bookmark | Playback | Consent and Legitimate interests | To allow playback to restart from the same point if the user pauses or changes device (Consent) and to measure usage to provide data for anti-piracy monitoring (Legitimate interests) | AWS Aurora database | 24 months | No | Disassociated when the account is deactivated. See below. Removed through scheduled process which aggregates total usage for each entitlement. |
Usage - device | Sign-in on each device | Contract, Consent and Legitimate interests | To persist sign-in for users on multiple devices (Contract and Consent) and to manage devices. It is required so that the maximum number of devices is controlled (Legitimate interests) | AWS Aurora database | Until sign-out. Web sessions expire after 30 days’ inactivity. | No | Disassociated when the account is deactivated. See below. Web sessions expire after 30 days’ inactivity. |
Audit of account deactivation | Account deactivation by Customer Service | Legitimate interests | To record that an account has been deactivated in order to demonstrate compliance with GDPR. | AWS Aurora database | Forever | NA | NA |
Usage data: Video quality of experience monitoring | Viewing video | Consent (in Ts&Cs) and Legitimate Interest (for anti-piracy), though also anonymised | Product success measurement: quality of video experience. Anti-piracy | MUX | We advise 26 months | No | Automatically by MUX if policy set. 3 months? |
Customer data – name and email | Customer complaints / queries | Legitimate interests | For customer incident diagnosis resulting from Customer contact with Client’s customer service. | Freshdesk, or equivalent helpdesk solution | 24-36 Months | No | Manual process, run annually on or around 1st January each year. |
Error monitoring | Viewing video and navigation | Consent (in Ts&Cs) and Legitimate Interest; also anonymised | Error capturing and performance monitoring | Sentry | We advise 26 months | No | Automatically by MUX if policy set. |
Data stored by third-parties on behalf of Client
Whilst Easel TV is not responsible for data stored by third-parties where the commercial relationship is maintained by the Client directly with the third-party, we offer guidance as to how our Clients could meet their obligations under the GDPR regulations.
Data stored | When collected? | GDPR reason? | Why captured? | Where is it stored? | How long? | Option to opt out? | How deleted? |
---|---|---|---|---|---|---|---|
Usage data: Traffic source | First visit to website | NA – Anonymised | Campaign measurement | Google Analytics | We advise 26 months | Yes | Automatically by Google if policy set |
Usage data: User journey | Website navigation | NA – Anonymised | UX analysis | Google Analytics | We advise 26 months | Yes | Automatically by Google if policy set |
Usage data: e-commerce | Purchase transactions | Contract, though also anonymised | Sales performance | Google Analytics | We advise 26 months | Yes | Automatically by Google if policy set |
Usage data: Viewing data | Viewing video | Consent (in Ts&Cs) and Legitimate Interest (for anti-piracy), though also anonymised | Anti-piracy. Product success measurement | Google Analytics | We advise 26 months | Yes | Automatically by Google if policy set |
Usage data: Video quality of experience monitoring | Viewing video | Consent (in Ts&Cs) and Legitimate Interest (for anti-piracy), though also anonymised | Product success measurement: quality of video experience. Anti-piracy | MUX | We advise 26 months | No | Automatically by MUX if policy set. 3 months? |
Credit Card data | Customer enters card details during purchase | Consent | To facilitate purchases | Stripe (PCI compliant) | 7 years or longer; dependent on Stripe’s terms. | No | Automatically by Stripe |
Credit Card data | Customer agrees to store card data during purchase | Consent | To streamline future purchases | Stripe (PCI compliant) | Until Customer chooses to delete or their account is deactivated | No | By Customer or Client agent |
The right to request data
If the Client receives a request from a Customer to disclose all data held, the best way to respond to this request is to send a screenshot of the Customer Service Screen for that Customer. Depending on the size and resolution of the screen being used by the Client’s staff, it may be necessary to capture more than one screen. We recommend that the screenshot is appropriately cropped and encrypted before it is emailed to the Customer, perhaps in a password-protected .ZIP file, or printed and sent securely by post.
Clients should be aware that copies of any email sent, such as in a sent folder, are also subject to GDPR regulations and that it must be possible to demonstrate compliance with such a request – so a record of the response must be kept, whether in email or another system such as Freshdesk, or whatever customer issue reporting system is in use. The Client has a legitimate interest in keeping this data.
The right to be forgotten
Under GDPR regulations, Customers may request that all data held about them is deleted.
The Easel TV cloud platform performs functions for which some data is contractually required to be retained, or for which Easel TV or its Clients have a legitimate interest in retaining data, as documented above. For this reason, when Customers request that all data is deleted, Easel TV does not delete all data relating to a Customer but anonymises the Customer’s data record instead. This process is known as “Account Deactivation” and cannot be reversed. The deactivation itself is recorded as a “legitimate interest”, so that compliance with the regulations can be demonstrated through an audit trail. After deactivation, it is not possible to find the account through the customer management screens by using any personal data. Deactivated accounts are given a randomised unique code.
All financial and usage reporting will include any transactions or usage from the anonymised account, but without any personal data. After an account is deactivated, it is possible for a Customer to create a new account with the same user ID as the deactivated account.