GPAL Privacy notice
April 2022, v1.4
By using our services, you leave certain information with us. That may be personal data. In this document we explain which personal data we collect from you, for what purpose we do this and how we handle it.
Our service
- We make it possible for employees of an organization to upload instruction videos and to share these with and allow these to be viewed by other employees within that organization.
- Our service consists of a browser-based website and the GPAL app. The website is the management environment for the administrators within an organization. The GPAL app is the end user environment for the employees within an organization.
Scope and purposes of data processing
- To be able to use the GPAL app, GPAL has to create an account for the organization that is our customer. The administrator(s) of that organization ensure(s) in the management environment that end users receive a link
to set their password for the GPAL app and to complete their registration. For that purpose, we collect the names and email addresses of end users provided by the administrator(s). - When you use the GPAL app as an employee, the data you upload (such as videos) and the data you view (videos of others) will be stored in the accounts. These data are intended to be used by your organization and also by us to enable us to provide and improve our services. Click here to see which data we
process. We will not provide these data to any third parties other than AWS in Germany, as AWS acts as our and your employer’s processor as defined in the General Data Protection Regulation (GDPR). - We have no control over or influence on the data uploaded by end users.
- Also in light of the provisions of the GDPR we take a ‘privacy by design’ and ‘privacy by default’ approach. Your privacy is our priority.
What security measures are taken to keep the data safe?
- GPAL adheres to the following data security standards:
- SSL encryption on all connections
- Signing of URLs to media files
- Expiration of URLs to media files
- Secure hashing algorithms to secure login credentials
- AWS Geoblocking to control where GPAL can be used.
Where is the data stored?
- GPAL uses the cloud services of Amazon Web Services (AWS) in Germany. The AWS-
cloud is operated from secure data centres and complies with European
privacy legislation. - The GPAL iOS app uses the iOS keychain, which may or may not synchronize with
iCloud depending on the system settings of the device. - The GPAL Android app uses encryption to store the login details.
We also insure:
- at least 99.95% ‘uptime’ by using Amazon Web Services.
(https://aws.amazon.com/compute/sla) - High degree of durability of media files stored by using Amazon
services. (https://aws.amazon.com/s3/sla/) - Daily backups of databases
How long do we keep the data?
- We do not keep your personal data for longer than necessary for the purposes for which they were
collected or used. Accordingly, we will ‘destroy’ your personal data on expiry of the data retention period
or when keeping them is no longer necessary.
What rights do you have under the Personal Data Protection Act, and how can you exercise them exercise?
- We take your privacy seriously. That is why we have made it as easy as possible for you and your organization to exercise these rights.
- The administrator(s) can arrange this for you in their management environment.
- We would therefore ask you to contact your own organization about this first.
- You will, of course, always be able to submit your request to us. Click on Your privacy rights to find out
what your rights are and how you can exercise them.
Cookies
- We use functional cookies only. Our cookies have little to no impact on your privacy.
- We use the following cookies:
- ”HTML5 LocalStorage” to store the following data
- JSON Web Token is used as authentication token for the user. This token contains the following data:
- Users ID: A number used in GPAL backend
- Client ID: A number used in GPAL backend
- User’s First name, middle name and surname
- User roles: List of ID’s of the different roles a user can have.
- Client ID: ID of the selected GPAL organisation within the management console.
- JSON Web Token is used as authentication token for the user. This token contains the following data:
- ”HTML5 LocalStorage” to store the following data
Questions
- If you have any questions about this Privacy Notice or the use of this website,
please contact us at:
GPAL
Oosterstraat 31A
9711 NP Groningen
support@gpal.nl
Amendments to the Privacy Notice
- GPAL reserves the right to amend this Privacy Notice. We therefore advise you to revisit this Privacy Notice on a regular basis to ensure you are familiar with its terms and any amendments made.