RDS KNOWLEDGE BASE

Refined Data GDPR Compliance

Owned by Caroline Reilly
Last updated: May 29, 2018

It's your data. Keep it that way.

A new law in the European Union (EU) strengthens data privacy for consumers.

Beginning May 25, 2018, the EU's new General Data Protection Regulation (GDPR) gives EU consumers more control over how their personal data is handled. In the spirit of, and in compliance with, GDPR, we are updating all of our Refined Data custom pods and want you to understand how this might impact your users’ experience inside of Adobe Connect meetings and classrooms where you deploy our tools.

We also want you to know what personal data we collect, and what we do — and don't do — with it.

Please read the following information carefully because it may impact your users after the GDPR rules take effect even if your events do not include EU citizens, or users who join your events from within an EU jurisdiction.

What kind of data we collect

Refined Data is only interested in data that helps us deliver valued services to you and your users. Our tools help you run smarter, more interactive, and more efficient events, while providing better tracking of what took place in the room. The data we track may include:

  • A User’s Name, IP address (Vantage Point, rPhone, Footprints)
  • Phone Number (rPhone)
  • Computer Environment – Operating System/Devices/Connectivity etc. (Vantage Point)

Where possible, our tools do not store information beyond the duration of each live meeting or classroom. Pods such as Hands Up and rPhone do not store any personally identifiable information in our databases.

Most of the data we collect is provided to us by the underlying Adobe Connect environment.

Additionally, when you visit our website or help resources, we use cookies to deliver a better web experience during the session and for the next time a visitor returns.

What we do with data we collect

Our primary goal is to safeguard the data that our clients and their users provide to us explicitly or implicitly. All data is hosted on state of the art Amazon Relational Database Service‎ using encryption wherever possible. We use industry standard practices to prevent intrusion to our systems.

What we don't do with data

We have never and will never sell your information to marketers or other vendors. We will never contact your users directly or indirectly. We will never provide access to your data, except for the purpose of running the service you subscribe to.

What's next?

The new GDPR regulations require us to advise users of our tools, that their personal information may be stored on our servers, but most of them are likely to be unaware of our company or its products. Since we can never know if a specific user in a meeting is an EU citizen or is joining from an EU country, we are effectively required to obtain this explicit consent from each and every user of our tools on a one-time basis unless you, as our client, can provide a written release that you are obtaining this consent prior to the user entering the Adobe Connect environment. Remember, if your users are entering Connect with a username and password, personal information is already being collected by Adobe and since our custom pods run inside of the Connect environment, we have access to this information. Your users may not know this unless you inform them.

You can obtain this consent in several ways;

  • Activate the Adobe Connect Compliance Notification for your account (Administration | Compliance and Control | Recordings and Notice | Enable Compliance Notice)
  • You can enter up to 1,500 characters as part of your Terms of Use requirement that must be agreed to before the user can enter the virtual space.
  • On your LMS, Event Registration Page, Landing or Linking Page, include clear and explicit language that explains that by registering, launching or entering the meeting space, the user is providing consent for the collection of personal information by Adobe and other parties that may include Refined Data Solutions (depending upon which pods you run)
  • Make this information and their consent, part of your system registration process if access to your system also provides Single Sign On access to Adobe Connect rooms.
  • Wherever possible, we recommend the use of a double opt-in mechanism to our clients although this is neither always possible or desirable.

If you can obtain this consent or make consent an explicit requirement of using your systems and can provide us the assurance that such consent has been obtained in advance, we can flag your account and no change in the Adobe Connect room behavior will be seen.  To do this, click one of links below and submit your completed release form to support@refineddata.com

GDPR Release Notice.pdf

If we do not receive such an assurance and written release, our pods will present a one-time Privacy and Consent pop-up as soon as a user enters a room where our pods are running. If the user agrees and acknowledges that their information from the event may be stored, we will flag that SCO-ID in our system and the user will never see the popup again. A Privacy button will remain in the Adobe Connect menu bar so that a user is able to withdraw their consent at any time – this is a requirement of the legislation.

Please note that any user who refuses to provide consent will be warned that such refusal will result in any existing data being erased and they will also be ejected from the room. Our tools cannot be selective about which users are tracked and so we have no option but to eject anyone who declines to provide their consent. For this reason, we much prefer that you implement a Terms of Use Notification prior to anyone entering the room so we can disable the pop-up opt-in feature for your account and still remain compliant.

Users who have multiple logins on your account, or logins across multiple accounts, will receive one request for each SCO-ID on Adobe’s systems.

Improved privacy and transparent data collection is in everyone’s interests. We welcome your feedback.


Sincerely,
Refined Data Solutions, Inc.