GPAL Privacy notice

April 2022, v1.4


When you use our services, you leave certain data on our systems. These data may include personal data. In this document we explain what personal data we collect about you, for what purpose we collect them and how we handle your personal data.

Our service

  • We make it possible for employees of an organization to upload instruction videos and to share these with and allow these to be viewed by other employees within that organization.
  • Our service consists of a browser-based website and the GPAL app. The website is the management environment for the administrators within an organization. The GPAL app is the end user environment for the employees within an organization.

Scale and purposes of data processing

  • To be able to use the GPAL app, GPAL has to create an account for the organization that is our customer. The administrator(s) of that organization ensure(s) in the management environment that end users receive a link to set their password for the GPAL app and to complete their registration. For that purpose, we collect the names and email addresses of end users provided by the administrator(s).
  • When you use the GPAL app as an employee, the data you upload (such as videos) and the data you view (videos of others) will be stored in the accounts. These data are intended to be used by your organization and also by us to enable us to provide and improve our services. Click here to see which data we process. We will not provide these data to any third parties other than AWS in Germany, as AWS acts as our and your employer’s processor as defined in the General Data Protection Regulation (GDPR).
  • We have no control over or influence on the data uploaded by end users.
  • Also in light of the provisions of the GDPR we take a ‘privacy by design’ and ‘privacy by default’ approach. Your privacy is our priority.

What security measures are taken to secure personal data?

GPAL adheres to the following data security standards:

  • SSL encryption on all connections
  • Signing of URLs to media files
  • Expiration of URLs to media files
  • Secure hashing algorithms to secure login credentials
  • AWS Geoblocking to control where GPAL can be used

Where are personal data stored?

  • GPAL uses the cloud services of Amazon Web Services (AWS) in Germany. The AWS cloud is operated from secure data centres and complies with European privacy legislation.
  • The GPAL iOS app uses the iOS keychain, which may or may not synchronize with iCloud depending on the system settings of the device.
  • The GPAL Android app uses encryption to store the login details.

In addition, we guarantee:

How long do we keep personal data?

We do not keep your personal data for longer than necessary for the purposes for which they were collected or used. Accordingly, we will ‘destroy’ your personal data on expiry of the data retention period or when keeping them is no longer necessary.

What rights do you have under the GDPR and how can you exercise those rights?

  • We take your privacy seriously. That is why we have made it as easy as possible for you and your organization to exercise these rights.
  • The administrator(s) can arrange this for you in their management environment.
  • We would therefore ask you to contact your own organization about this first.
  • You will, of course, always be able to submit your request to us. Click on Your privacy rights to find out what your rights are and how you can exercise them.


  • We use functional cookies only. Our cookies have little to no impact on your privacy.
  • We use the following cookies:
    • “HTML5 LocalStorage” to store the following data
      • JSON Web Token is used as authentication token for the user. This token contains the following data:
        • Users ID: A number used in GPAL backend
        • Client ID: A number used in GPAL backend
        • User’s First name, middle name and surname
        • User roles: List of ID’s of the different roles a user can have.
      • Client ID: ID of the selected GPAL organisation within the management console.


  • If you have any questions about this Privacy Notice or the use of this website, please contact us at:
    Oosterstraat 31a
    9711 NP Groningen, The Netherlands

Amendments to the Privacy Notice

  • GPAL reserves the right to amend this Privacy Notice. We therefore advise you to revisit this Privacy Notice on a regular basis to ensure you are familiar with its terms and any amendments made.