ClickView and the GDPR – Frequently Asked Questions

This document provides a summary of the new data protection requirements which apply under the EU General Data Protection Regulation (GDPR) from 25 May 2018 and how the GDPR applies to the services offered by ClickView.

ClickView’s Commitment

ClickView is committed to GDPR compliance and supporting our customers for their own GDPR compliance. ClickView customers should have confidence that ClickView’s handling of personal data will comply with the GDPR when it comes into effect.

In particular, in accordance with article 5 of the GDPR, ClickView will ensure that personal data is:

  • Processed lawfully, fairly and in a transparent manner
  • Collected only for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary
  • Accurate and kept up to date
  • Processed in a manner that ensures appropriate security of the personal data

What is the GDPR?

The GDPR is the new European Union Regulation about the protection of personal data and the rights of individuals in relation to their personal data.

When does the GDPR come into effect?

The GDPR takes effect on 25 May 2018.

Who does the GDPR affect?

The GDPR applies to organisations located within the EU and to organisations located outside of the EU if they offer goods or services to individuals in the EU.

As ClickView processes and holds the personal data of individuals in the EU, ClickView will comply with the GDPR.

As ClickView has customers in the EU, we will comply with the GDPR irrespective of whether or not the UK retains the GDPR post-Brexit. Our data handling processes for organisations which are located in the UK will be GDPR compliant. If the UK government implements new laws equivalent to the GDPR post-Brexit then ClickView will ensure that it will comply with any such laws.

What is personal data under the GDPR?

The GDPR applies to ‘personal data’ which means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What types of personal data does ClickView collect?

This personal data which ClickView collects depends on the type of customer account but typically includes individuals’ contact details such as name, email address, title, student or staff group, and institution name; technical identifiers, including user IDs and IP addresses; and video content and metadata, to the extent they contain personal data.

Our collection and processing of personal data is solely for the purpose of and to the extent necessary for the performance of our services.

What is the difference between a data processor and a data controller?

The GDPR applies to data controllers and data processors. A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.

What is the difference between a data processor and a data controller?

The GDPR applies to data controllers and data processors. A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.

What are the rights of data subjects?

Data subjects are the individuals who are identified or identifiable by reference to the personal data they provide. Data subjects have the following rights under the GDPR:

  • Breach Notification – Notification of a data breach is mandatory where it is likely to result in a risk for the rights and freedoms of individuals. This must be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, without undue delay after first becoming aware of a data breach.
  • The right to be informed – Individuals have the right to be informed about the collection and use of their personal data.
  • The right to rectification – A right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
  • The right to restrict processing – Individuals have the right to request the restriction or suppression of their personal data.
  • The right to object – Individuals have the right to object to processing of personal data for direct marketing purposes.
  • Right to Access – Data subjects have a right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller must provide a copy of the personal data, free of charge, in an electronic format.
  • Right to be Forgotten – The right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
  • Data Portability – This is the right for a data subject to receive the personal data concerning them which they have previously provided in a commonly used and machine readable format and the right to transmit that data to another controller.

ClickView has and will implement procedures to ensure that it will comply with all data subject rights in accordance with the requirements under the GDPR.

What is ClickView’s legal basis for processing personal data?

The processing of personal data is lawful under the GDPR where one (or more) of the following six grounds have been met:

  • Consent – The data subject has given consent to the processing for one or more specific purposes.
  • Performance of a Contract – Where the processing is necessary for the performance of a contract or where it is necessary in order to “take steps” at the request of the data subject before entering into a contract.
  • Compliance with a Legal Obligation – Where personal data is processed in order to comply with a legal obligation.
  • Vital Interests of the Data Subject – Where personal data is processed in order to protect the vital interests of the data subject or another individual.
  • Public Interest – Where the processing is necessary for the purpose of performing a task that is in the public interest or in the exercise of official authority vested in the data controller.
  • The Legitimate Interests of the Data Controller – Processing personal data will be lawful where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the processing does not override the fundamental rights and freedoms of the data subject.

ClickView will ensure that all processing of personal data is compliant with the GDPR, including that requests for consent are clearly distinguishable from other matters and use clear and plain language, and that the data subject has the right to withdraw consent at any time.

Does ClickView transfer personal data outside of the European Union?

ClickView currently stores personal data in data centers in Sydney, Australia and using the Microsoft Azure cloud platform.

In respect of personal data stored in Sydney, the European Commission’s set of model contractual “Standard Clauses” remains a valid approach to transfers of personal data from the EU to non-EU countries. Once signed, an agreement incorporating the Standard Clauses contractually commits organisations to comply with the EU’s data protection principles. We are developing a template sign data processing agreement incorporating the Standard Clauses. To request a copy please contact info@clickview.co.uk

In respect of personal data stored in the Microsoft Azure cloud platform. Microsoft provides extensive documentation regarding Microsoft Azure, its security practices, certifications and GDPR compliance commitments. GDPR compliance is included in the contractual commitment from Microsoft to ClickView. Further information is available online from Microsoft’s trust center resources at:

In addition, customer support teams located in London, United Kingdom and Sydney, Australia may access personal data solely for troubleshooting and maintaining ClickView’s services.

What security measures does ClickView have in place to protect personal data?

ClickView has implemented appropriate security measures to safeguard the confidentiality and integrity of customer data. These include tiered access to the platform, password access which is regularly changed, use of encryption software and recording systems which monitor platform access.

Does ClickView engage any sub-processors?

ClickView currently engages sub-processors to carry out Customer Relationship Management services and analytics services to assist us in the provision of our services. The sub-processors engaged by ClickView are also committed to GDPR compliance and ClickView will ensure that all sub-processors are GDPR compliant. Customers may request details about the particular sub-processors used in their deployment and can request that they be notified of changes to those sub-processors and given a chance to object to any changes in the applicable sub-processors.

Does ClickView have a privacy policy?

Our privacy policy sets out how we collect, use and process personal data. Our privacy policy can be accessed here on our website.

Does ClickView have an EU data protection representative?

We have designated our UK entity, ClickView Limited, as our EU data protection representative. The contact information for our EU data protection representative is as follows:

Privacy Officer
Fifth Floor
4 Bath Place, London
EC2A 3DR
Phone: 0333 207 6595
Email: info@clickview.co.uk

We hope you have found this document helpful and informative. For more information about GDPR compliance or our privacy program please contact us at info@clickview.co.uk

This document is designed to help organisations understand the GDPR in connection with ClickView’s services. However the information contained in this document should not be construed as legal advice and organisations should obtain their own legal advice in respect of their own obligations under the GDPR.