ClickView is now compliant with the EU General Data Protection Regulation (GDPR) and is supportive of our customers own GDPR compliance. ClickView customers can have confidence that ClickView’s handling of personal data is of the GDPR’s security standards.
In particular, in accordance with article 5 of the GDPR, ClickView will ensure that personal data is:
ClickView has undertaken a review and audit of all of our systems and practices in connection with the personal data of our customers and have made the appropriate internal amendments in order to comply with the requirements of the GDPR.
In particular, ClickView have:
This document provides a summary of the new data protection requirements which apply under the GDPR from 25 May 2018 and how the GDPR applies to the services offered by ClickView.
What is the GDPR?
The GDPR is the new European Union Regulation about the protection of personal data and the rights of individuals in relation to their personal data.
When does the GDPR come into effect?
The GDPR takes effect on 25 May 2018.
Who does the GDPR affect?
The GDPR applies to organisations located within the EU and to organisations located outside of the EU if they offer goods or services to individuals in the EU.
ClickView’s GDPR compliance is subject to the personal data that we process and hold for individuals in the EU.
As ClickView have customers in the EU, compliance with the GDPR is irrespective of whether or not the UK retains the GDPR post-Brexit. Our data handling processes for organisations which are located in the UK are GDPR compliant. If the UK government implements new laws equivalent to the GDPR post-Brexit then ClickView will ensure that it will comply with any such laws.
What is personal data under the GDPR?
The GDPR applies to ‘personal data’ which means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What types of personal data does ClickView collect?
This personal data which ClickView collects depends on the type of customer account but typically includes individuals’ contact details such as name, email address, title, student or staff group, and institution name; technical identifiers, including user IDs and IP addresses; and video content and metadata, to the extent they contain personal data.
Our collection and processing of personal data is for the purposes of ClickView’s legitimate interest in the commercial provision of educational services and to the extent necessary for the performance of our services.
What is the difference between a data processor and a data controller?
The GDPR applies to data controllers and data processors. A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.
Our usual practice follows that ClickView is the Data Processor and ClickView customers are nominated as Data Controllers.
What are the rights of data subjects?
Data subjects are the individuals who are identified or identifiable by reference to the personal data they provide. Data subjects have the following rights under the GDPR:
ClickView has and will implement procedures to ensure that it will comply with all data subject rights in accordance with the requirements under the GDPR.
What is ClickView’s legal basis for processing personal data?
The processing of personal data is lawful under the GDPR where one (or more) of the following six grounds have been met:
ClickView’s legal basis for processing personal data is through the legitimate interest in the commercial provision of educational services.
Does ClickView transfer personal data outside of the European Union?
ClickView currently stores personal data in data centers in Sydney, Australia and using the Microsoft Azure cloud platform.
In respect of personal data stored in Sydney, the European Commission’s set of model contractual “Standard Clauses” remains a valid approach to transfers of personal data from the EU to non-EU countries. ClickView has released a Data Processing Addendum that contractually commits us to comply with the EU’s data protection principles. Our ClickView customers can request a copy of this addendum by contacting firstname.lastname@example.org
In respect of personal data stored in the Microsoft Azure cloud platform. Microsoft provides extensive documentation regarding Microsoft Azure, its security practices, certifications and GDPR compliance commitments. GDPR compliance is included in the contractual commitment from Microsoft to ClickView. Further information is available online from Microsoft’s trust center resources at:
In addition, customer support teams located in London, United Kingdom and Sydney, Australia may access personal data solely for troubleshooting and maintaining ClickView’s services.
What security measures does ClickView have in place to protect personal data?
ClickView has implemented appropriate security measures to safeguard the confidentiality and integrity of customer data. These include tiered access to the platform, password access which is regularly changed, use of encryption software and recording systems which monitor platform access.
Does ClickView engage any sub-processors?
ClickView currently engages sub-processors to carry out Customer Relationship Management services and analytics services to assist us in the provision of our services. ClickView’s sub-processors are required to comply with our standard data processing addendum for suppliers which reflect the rights of ClickView customers as data controllers under the GDPR.
Customers may request details about the particular sub-processors used in their deployment and can request that they be notified of changes to those sub-processors and given a chance to object to any changes in the applicable sub-processors.
Can ClickView customers search for their personal data on our systems?
ClickView customers do not have access to search for their personal data on our systems. Only specified
ClickView employees are able to access this.
ClickView will comply with all requests to access personal data in accordance with the requirements of the GDPR.
Can ClickView customers delete their personal data from our systems?
ClickView customers cannot directly access our systems and delete the personal data we store. However,
they can request for part, or all of their personal data that we store on our systems to be deleted.
ClickView will comply with all requests to delete personal data in accordance with the requirements of the GDPR.
Can ClickView customers export their personal data from our systems?
ClickView customers cannot directly access our systems to export personal data. However, ClickView
customers can request for an exported version of all their personal data that we store on our systems.
For security reasons, ClickView will only comply with a request sent by the nominated ‘Key Contact’ (an individual that every ClickView customer nominates when joining ClickView).
Is ClickView maintaining Data Processing Records?
ClickView fully complies with the requirements under the GDPR to maintain records of processing
activities carried out on behalf of our customers. This includes the types of processing and any
transfers of personal data.
We contractually require our approved sub-processors to comply with the same requirements.
What if ClickView encounters an unauthorised breach of data?
ClickView will immediately report any personal data breach to our customers in full compliance with the GDPR.
Does ClickView have an EU data protection representative?
We have designated our UK entity, ClickView Limited, as our EU data protection representative. The contact information for our EU data protection representative is as follows:
4 Bath Place, London
Phone: 0333 207 6595
We hope you have found this document helpful and informative. For more information about GDPR compliance or our privacy program please contact us at email@example.com
This document is designed to help organisations understand the GDPR in connection with ClickView’s services. However the information contained in this document should not be construed as legal advice and organisations should obtain their own legal advice in respect of their own obligations under the GDPR.