BeaconLive in Compliance with The GDPR
Last Updated: January 3, 2023
What Is The GDPR?
The GDPR (General Data Protection Regulation) is an EU Regulation which replaced the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of EU citizens' personal data and increase the obligations of organizations who collect or process personal data – and who market / sell products or services to EU citizens (regardless of their location). It came into effect on May 25, 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security, but includes several new provisions to augment and support the rights of data subjects and add more severe penalties for violations.
How BeaconLive Is Supporting Our Customers’ Compliance with GDPR
BeaconLive views The GDPR as an opportunity to strengthen our commitment to the protection of personal information, and we have made the necessary changes to ensure our website and online presence are in full compliance with the regulations set forth.
Compliance with GDPR requires a partnership between BeaconLive and our customers in their use of our services. We are dedicated to helping our customers comply with GDPR. We have made enhancements to our products, systems, procedures and documentation to help support BeaconLive's and our customers’ compliance with GDPR. BeaconLive acts as a data processor for personal data that we process on behalf of clients through their use of BeaconLive's services. The GDPR requires companies that are subject to the GDPR to have contracts with their data processors that contain certain terms and information. BeaconLive has created a Data Processing Addendum to meet that requirement. It has been tailored to address the unique characteristics of BeaconLive's platform and services and reflects our data security procedures and data processing activities.
BeaconLive customers should contact their BeaconLive account manager for more information.
EU Personal Data
GDPR recognizes several mechanisms for transferring EU personal data from the EU to the U.S., and it also opens the door to the development of additional mechanisms going forward. Among these mechanisms is the EU-U.S. Privacy Shield Framework.
The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and the European Commission to provide companies from both the United States and Europe with a mechanism to comply with data protection requirements related to transferring personal data from the EU to the United States. BeaconLive has certified to the Department of Commerce that it adheres to the Privacy Shield Principles, including the Supplemental Principles.
BeaconLive's Privacy Shield certification and GDPR-compliant Data Processing Addendum will continue to help our customers by providing a recognized mechanism for transfers of EU personal data from the EU into the U.S.
Additional GDPR Compliance Readiness Actions
The following are some of the additional actions BeaconLive has taken to comply with GDPR:
- Reviewed our data processing activities to determine which data processing activities and systems are subject to the GDPR.
- Conducted an assessment of our current activities and privacy program against GDPR, and inventoried and mapped our data processing activities, including global data transfers.
- Reviewed and updated existing third-party service provider agreements to include GDPR-compliant data processing terms where necessary to comply with cross-border transfer obligations.
- Identified which third-party service providers are subprocessors and expanded our onboarding process to identify new subprocessors in the future. BeaconLive subprocessors are required to implement technical and organizational measures to ensure that their processing meets the requirements of GDPR.
- Implemented and updated policies and procedures to address privacy-by-design principles. As part of this, we have assessed data processing activities and related risks and implemented practices and safeguards to mitigate such risks.
- Updated and expanded internal processes to accommodate data subject rights requests.
Client authorizes BeaconLive to appoint (and permit each Subprocessor appointed in accordance with this Section to appoint) Subprocessors. Client expressly agrees that BeaconLive Affiliates may be engaged as Subprocessors, and that BeaconLive may continue to use those other Subprocessors already engaged by BeaconLive as of the date of this Addendum. BeaconLive will make available a current list of BeaconLive Subprocessors at www.beaconlive.com/gdpr/subprocessors, including the names and a description of the Processing to be undertaken by the Subprocessor, and will update the list prior to adding any additional Subprocessors. Client may subscribe to email notifications of new Subprocessors at www.beaconlive.com/gdpr/subprocessors. [KJ1] BeaconLive will provide notice of new Subprocessors fifteen (15) days prior to authorizing new Subprocessors to Process Personal Data in connection with the Services by updating the Subprocessor list at www.beaconlive.com/gdpr/subprocessors, and via email notification if Client has subscribed to email notifications about new Subprocessors. Client may object to the appointment of a new Subprocessor by sending written notice to BeaconLive at email@example.com within ten (10) business days of the notice of new Subprocessors; Client’s notice of objection should state the basis for Client’s objection. Client agrees that it will not unreasonably object to the use of a Subprocessor. If Client does not object to the appointment of the Subprocessor within ten (10) business days, the Client shall be deemed to have approved and agreed to such appointment.
Contacting Us and Our Privacy Officer
301 Edgewater Place, Suite 100
Wakefield, MA 01880
We seek to promptly respond to and resolve any questions or concerns you may have.