GDPR

GDPR Compliance and Data Security Are Top Priorities for Us

At Livingroom, we are committed to securing our customers' data by following best-in-breed frameworks and security standards.

 
GDPR Compliance

Assuring compliance throughout all our processes.

Data Protection & Security

Using industry standards of data and information security.

ISO 27001 Standards

Actively working towards getting certified.

What Is GDPR?

In May 2018, the European Union introduced the General Data Protection Regulation to give people more control over how their personal data is collected and processed. Companies have to adhere to new standards of security, data storing, transparency, and accountability.


Our Commitment to GDPR


Aspiring to be the leading employee experience management solutions provider, we take GDPR seriously and it is our top priority to comply with GDPR. As our customer, you should know that we have put effective measures in place to protect the personal data of our customers, employees and other stakeholders. It’s more than words. Our commitment is demonstrated in practice through a number of policies, the provision of appropriate resources, as well as effective information security controls.

Employee Awareness Training

A policy is in place for the protection of personal data within Livingroom Analytics, which has been approved by management and communicated to all employees. All our employees have received awareness training regarding data protection, the GDPR, and information security, and understand their roles in the protection of personal data.


Personal Data Analysis

As part of meeting our legal obligations, we have put in place a comprehensive program to understand and validate our use of personal data. Among other things, we have identified the personal data we process, including where special categories are involved, and we have established the lawful basis of the processing under the GDPR.

Data Processing Agreement


When Livingroom Analytics gathers, stores and analyzes employee engagement, performance and experience data on behalf of the customer, we operate as the data processor while the customer is the data controller. Acting as a data processor, we have contractually committed to complying with the requirements of the GDPR. Along with our terms of service, we provide an amended, pre-signed data processing agreement, which together form the contractual basis of GDPR compliance with our customers.

Data Transparency and Privacy Policy

In those cases where our processing is based on consent, e.g. when employee surveys are collected through our employee app, we have taken steps to ensure clear, free consent has been given and is recorded. In this way, we assist our customers, acting as data controllers, in gathering employee consent and demonstrating data transparency.


Rights of the Employees – You’re in Control

Under the GDPR, data subjects have a number of rights that can be exercised, e.g. the right to access personal data, the right to rectify data and the right to erase data. We are dedicated to assisting our customers in fulfilling their obligations as data controllers with respect to these rights. Most importantly, we have designed Livingroom to provide customers with as much control over their employee data as possible. If needed, however, we also have procedures in place to promptly process and fulfil data subject access requests.

Subcontractor Compliance


As part of our efforts to fulfil our role as data processor, we also make sure that our subcontractors and sub-processors are GDPR compliant and follow the same strict data security standards as we do. Livingroom Analytics runs on the Microsoft Azure platform, and customer data is securely stored within the EEA at Microsoft data centers, meeting top industry standards for security.

Impact Assessment & Data Breach Management

As part of our commitment to GDPR, Livingroom Analytics also makes an effort to analyze risks and take measures to protect personal rights accordingly. Where appropriate, we have performed data protection impact assessments. We have also prepared ourselves for possible breaches in line with GDPR guidelines and established procedures to fulfil our obligations in the event of a breach of personal data.


Data and Information Security Policies

Our business is built on data. Thus, information security is a top priority to us. In our efforts to protect ourselves, we seek to follow leading industry standards and are constantly evaluating and improving our practice. We have put a number of policies and other controls in place to provide appropriate protection of personal data, based on a careful assessment of risk.

To ensure complete organizational and application security, we are also committed to and actively working towards obtaining an ISO 27001 certification.


Lawfulness, Fairness, and Transparency

As a controller of our own data and as a processor of employee data on behalf of our customers, we are always open, honest, and fair about the grounds for its collection and use.

Purpose Limitation

As data processors, we are clear, from the beginning, about our purposes for processing personal data and specify them in a privacy document for customers and employees to understand.

Accuracy

We take all reasonable steps to ensure the personal data we hold is not incorrect or misleading, by assisting our customers and granting them access to modify or delete their personal data at any time.

Data Minimization

We make sure the personal data we process is relevant, adequate, and limited to what is necessary to deliver our services.

Storage Limitation

We never keep our customers' data for longer than we need to and always communicate the retention period.

Accountability

We take responsibility for what we do with our personal data and we have appropriate measures to demonstrate our compliance.