GPAL Privacy notice

April 2022, v1.4

By using our services, you leave certain information with us. That may be personal data. In this document we explain which personal data we collect from you, for what purpose we do this and how we handle it.

Our service

  • We make it possible for employees of an organization to upload instruction videos and to share these with and allow these to be viewed by other employees within that organization.
  • Our service consists of a browser-based website and the GPAL app. The website is the management environment for the administrators within an organization. The GPAL app is the end user environment for the employees within an organization.

Scope and purposes of data processing

  • To be able to use the GPAL app, GPAL has to create an account for the organization that is our customer.  The administrator(s) of that organization  ensure(s) in the management environment that end users receive a link
    to set their password for the GPAL app and to complete  their registration. For that purpose, we collect the names and email addresses of end users provided by the administrator(s).
  • When you use the GPAL app  as an employee, the data you upload (such as videos) and the data you view  (videos of others) will be stored in the accounts. These data are intended to be used  by your organization and also by us to enable us to provide and improve our services.   Click here  to see which data we
    process. We will not provide these data to any third parties other than AWS in  Germany, as AWS acts as our and your employer’s processor as defined in the General Data Protection Regulation  (GDPR).
  • We have no control over or influence on the data uploaded by end users.
  • Also in light of the provisions of the GDPR we take a ‘privacy by design’ and ‘privacy by default’  approach. Your privacy is our priority.

What security measures are taken to keep the data safe?

  • GPAL adheres to the following data security standards:
  • SSL encryption on all connections
  • Signing of URLs to media files
  • Expiration of URLs to media files
  • Secure hashing algorithms to secure login credentials
  • AWS Geoblocking to control where GPAL can be used.

Where is the data stored?

  • GPAL uses the cloud services of Amazon Web Services (AWS) in Germany. The AWS-
    cloud is operated from secure data centres and complies with European
    privacy legislation.
  • The GPAL iOS app uses the iOS keychain, which may or may not synchronize with
    iCloud depending on the system settings of the device.
  • The GPAL Android app uses encryption to store the login details.

We also insure:

  • at least 99.95% ‘uptime’ by using Amazon Web Services.
  • High degree of durability of media files stored by using Amazon
    services. (
  • Daily backups of databases

How long do we keep the data?

  • We do not keep your personal data for longer than necessary for the purposes for which they were
    collected or used. Accordingly, we will ‘destroy’ your personal data on expiry of the data retention period
    or when keeping them is no longer necessary.

What rights do you have under the Personal Data Protection Act, and how can you exercise them exercise?

  • We take your privacy seriously. That is why we have made it as easy as possible for you and your organization  to exercise these rights.
  • The administrator(s) can arrange this for you in their management environment.
  • We would therefore ask you to contact your own organization about this first.
  • You will, of course, always be able to submit your request to us. Click on Your privacy rights to find out
    what your rights are and how you can exercise them.


  • We use functional cookies only. Our cookies have little to no impact  on your privacy.
  • We use the following cookies:
    • ”HTML5 LocalStorage” to  store the following  data
      • JSON Web Token is used as authentication token for the  user. This token contains the following data:
        • Users ID: A number used in GPAL backend
        • Client ID: A number used in GPAL backend
        • User’s First name, middle name and surname
        • User roles: List of ID’s of the different roles a user can have.
      • Client ID: ID of the selected GPAL organisation within the management console.


  • If you have any questions about this Privacy Notice or the use of this website,
    please contact us at:
    Oosterstraat 31A
    9711 NP Groningen

Amendments to the Privacy Notice

  • GPAL reserves the right to amend this Privacy Notice. We  therefore advise you to revisit this Privacy Notice on a regular basis to ensure you are familiar with its  terms and any amendments made.