The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that mandates how an organization should handle personal data. The GDPR came into force on May 25, 2018.
The General Data Protection Regulation (GDPR) is aimed at giving end-users throughout the European Economic Area (EEA) and the United Kingdom (UK) control over their personal data. GDPR applies to you if you are an end-user or business, located in the EEA or UK.
How our add-ons enable you to comply with GDPR policies
As a customer, you operate as the data controller and we are considered a data processor. You have the responsibility for ensuring that the personal data of subjects you are collecting is being processed lawfully and, similar to other controllers and processors that process personal data on behalf of a data controller, are expected to comply with the GDPR.
Data Storage and Processing
All your data is stored in your Google account, inside Google Calendar, Google Classroom, Google Sheets, or Google Drive. Our add-ons read the data directly from your data source and perform the necessary actions (like retrieving students' lists, and classroom lists, sending calendar invites, and generating reports) without transferring and storing any personally identifiable information (PII).
Our add-ons store the following data and strictly use them for the stated purpose only:
- Add-on owner’s email - for product license validation
We store and process this data in AWS DynamoDB (GDPR ready) and its servers are located in the Oregon, United States (West) data center.
All data are encrypted using the AWS-owned CMK and stored in an encrypted table.
All the email messages were sent by Google Calendar and Google Classroom API. The email messages are not stored on our servers.
We use Google’s Stackdriver logging tool for error tracking and debugging errors. It includes stack traces, and error messages, and the logs do not include any PII data.
We use ChargeBee to manage your payments and subscriptions. The payment processors only provide the customer’s email address and, in the case of ChargeBee, the shipping address for generating invoices. We do not have access to any banking or credit card information of our customers.
We do not transfer, sell, make copies, or share any of your PII data processed by our Google Add-ons to third-party services or companies. We only store data that is absolutely necessary for our add-ons to function.
You can use download and export all your attendee’s attendance information in Google Sheets. This allows for easier migration to other services.
Data Erasure (Right to be forgotten)
All add-ons have 30 days of the data retention period, starting from the expiration date of the license. We will permanently delete all user’s data from the database when the data retention period is ended. You can also contact us to submit a deletion requires and, and in compliance with GDPR, we’ll permanently delete all your data.
If you uninstall a Google add-on or revoke access to the add-on from your Google Account, the add-on will not be able to access any of your data after the 30 days data retention period.
Our Google add-on uses your own G Mail account to send emails and invitations. Our tools only facilitate your compliance with GDPR, your practice in handling the attendee’s data is key to complying with GDPR.