SUPPORT: GDPR

Everything you need to know about what we are doing to be GDPR ready.

KnowledgeVision and GDPR

The European Union General Data Protection Regulation, commonly known as GDPR, takes effect May 25, 2018.  This legislation impacts anyone whose business involves handling personal data about EU residents or within the EU.  Since we conduct business around the world, it is our goal to ensure KnowledgeVision and it's flagship product Knovio, complies with these regulations.

KnowledgeVision is committed to providing our customers with robust data privacy and security tools to ensure compliance with the requirements set forth in the GDPR. This article provides an overview of the data-related roles and responsibilities associated with KnowledgeVision and what we are doing to comply with the regulation.  At any time, you may request your information to be exported and sent to you for review, and we promptly honor any requests by you to have your information deleted and forgotten.

KnowledgeVision as the data processor

The contact information you store in Knovio are your data subjects, and you are considered the data controller for this personal data.  In our Terms of Service and Privacy Policy, we refer to this data as Client Data.

Using the Knovio app to manage your customers means that you have engaged KnowledgeVision as a data processor to carry out certain processing activities on your behalf. According to Article 28 of the GDPR, the relationship between the controller and the processor needs to be made in writing (electronic form is acceptable under subsection (9) of the same Article). Our Terms of Service and Privacy Policy documents also serve as your data processing contract, outlining the instructions that you are giving to KnowledgeVision with regard to processing the personal data you control and establishing the rights and responsibilities of both parties.  KnowlegeVision will only process your Client Data based on your instructions as the data controller.

 

Data transfers

The GDPR establishes strict requirements for moving data outside of its scope of protection.  If KnowledgeVision engages sub-processors outside the EEA, it is our job to ensure that we transfer the data lawfully.

We will keep an up-to-date list of sub-processors in our Terms of Service to be fully transparent about these transfers. This list will also explain what data is involved and how we have ensured that the data is adequately protected even after it leaves the EEA. We do this by making sure that our third-party service providers have either certified under the EU-US Privacy Shield framework or signed the EU Commission’s standard contractual clauses for data transfers with us.

If you have any questions about data transfers or KnowledgeVision's role as data processor, please contact us at dpo@knowledgevision.com.

KnowledgeVision as the data controller

Additionally, KnowledgeVision acts as the data controller for the personal data we collect about the user of our Knovio web app, Knovio mobile app and our websites - knovio.com and knowledgevision.com.  Specifically, we process

  1.  data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)).
  2. data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.
  3. personal data for our legitimate interests according to GDPR Article 6(1)(f).

What are these ‘legitimate interests’?

  • Improving the app to help you reach new levels of productivity.
  • Making sure that your data and KnowledgeVision's systems are safe and secure.
  • Responsible marketing of our software and its features.

As the controller for your personal data, Knowledgevision is committed to respect all your rights under the GDPR. If you have any questions or feedback, please reach out to our Data Protection Officer by email at dpo@knowledgevision.com.

What is KnowledgeVision doing to be GDPR compliant

As a company that has customers all over the world, we are committed to ensure we comply with the requirements set forth in the GDPR.  We value the privacy of our users and their clients and are implementing several technical and operational processes to safeguard personal data processed by KnowledgeVision.

 

Internal processes, security, and data transfers

A large part of GDPR compliance is making sure that there are procedures in place that ensure that data processes are mapped and auditable. We are including new processes in  our software development cycle to promote privacy and data protection from the start thereby minimizing privacy risks. Any access to the Client Data that we process on your behalf is strictly limited. Our internal procedures make sure that we meet the GDPR accountability requirements.

We have established a process for onboarding third-party service providers and adopting tools that makes sure these third-parties meet both KnowledgeVision and its customers expectations when it comes to privacy and security.

 

Readiness to comply with personal data access requests

Data subjects’ ownership of their personal data is at the heart of the GDPR. We have created an internal process to readily respond to data subject requests to delete, modify, or transfer their data. This means that our Customer Support Team along with any employee that assist them in their work are well-prepared to help you in any matters involving your personal data.

Our Terms of Service and Privacy Policy are constantly reviewed and revised to increase transparency and to make sure they meet GDPR requirements. It is very important to us that we comprehensively and openly explain our commitments and your rights. Additionally, we’re constantly mapping all our data processing activities to be able to comply with the GDPR accountability requirements.

 

Request cancellation or closure of account

To officially cancel your account(s) with KnowledgeVision, submit your request via email here.  We will respond to your request as soon as possible, but no longer than thirty(30) days.  Before we cancel an account, we will reach out to you to confirm the cancellation request and to validate your email. Upon completion of your request, you will receive written confirmation that your account information has been deleted.

 

Training

All of the above is supported by extensive training efforts of all our employees to ensure our GDPR compliant processes are followed. Sessions on data privacy and security are an integral part of our onboarding process and each department receives training that is tailored to their work involving personal data.

 

Policies and contracts for GDPR

We have updated our Privacy Policy and Terms of Service and our Data Processing Amendment (DPA) when required.  You can request an updated DPA by contacting our Data Protection Officer at dpo@knowledgevision.com.

 

What is KnowledgeVision's overall compliance plan for GDPR?

We are undertaking the following actions in connection with GDPR compliance:

  • Modifying our products to ensure compliance with GDPR requirements for processing personal data.
  • Auditing our Knovio app to determine what personal data we collect and why, and removing personal data that is not essential.
  • Outlining new data deletion procedures and practices that comply with GDPR's right to erasure requirement.
  • Providing a simple way to delete, modify, or export the personal data of data subjects for our customers using the Administration tab.
  • Following design principles to ensure our software engineers are building and modifying features that put privacy and data protection first.
  • Updating our privacy policies to keep our website visitors and customers informed of how we may collect and use their information.
  • Reviewing our marketing practices to ensure they comply with GDPR privacy and adding opt-in check boxes in our forms for data collection.
  • Entering into new Data Processing Amendments at the request of our current customers and vendors. Receive new DPAs by contacting dpo@knowledgevision.com.
  • Reviewing our security policies to ensure personal data that we process on behalf of our customers through the use of our services is adequately protected.

Lastly, we are continually evaluating and enhancing our policies and procedures and will make appropriate updates as required by the GDPR to ensure compliance.

KnowledgeVision is committed to ensuring your personal data is protected. Need more detailed information?  Reach out to our data protection officer at dpo@knowledgevision.com.