Following articles outlines how Visitly makes sure that our customers are compliant with GDPR and any other privacy and data protection regulation. Based on the some of the applicable GDPR requirements, below are the articles and features in Visitly that makes sure that customers using Visitly are GDPR compliant as data controllers and how Visitly is compliant as a data processor.
Article 54 – “Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.”
Visitly customers can configure the platform to ask only the relevant information from the visitors based on visitor type. Visitly provides options to enable/disable various fields, set it up them as optional or mandatory depending on the need.
Para. 32 of the preamble and Article 4 (11) of GDPR: “Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of (…) agreement to processing of personal data.”
Visitly customers can define their own Privacy and Consent Document Templates that is displayed during the sign in process for the visitors. Visitors can acknowledge and accept the privacy policy of the organization before the information is stored. Customers can include the verbiage in the Document Template on their privacy policy clearly and unambiguously stating what data is being captured and for what purpose.
Along with the privacy policy, customers can choose to have an explicit or implicit consent that the visitor needs to provide before entering any personal information.
Article 7 of GDPR: “The data subject shall have the right to withdraw his or her consent at any time.”
Visitly offers self management Privacy and Consent document templates, that is displayed during the sign in process for the visitors. Visitors can acknowledge and accept the privacy policy of the organization before the information is stored. Customers can include the process to contact the organization in case visitors would like to withdraw the consent to store the information in the document template. For example, customers can mention an email address on the privacy document where the data subject can send requests to withdraw their consent and to get their personal data deleted.
Once the request is received, customers can delete the visits from the admin UI which completely removes the data from Visitly database along with any stored photos, documents and other visit data.
Article 5 of GDPR: “Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.”
Depending on the data retention requirements of the organization, Visitly customers can delete the visits from the admin UI. For bulk deletion, customers can create a support request to the Visitly support team. Bulk deletion service is only available for our paid plans.
Article 28 of GDPR: “The controller shall use only processors [vendors] providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation.”
Visitly has enterprise grade security in place to secure our infrastructure and customer data. All of our infrastructure run on AWS public cloud and used security best practices in securing both infrastructure, data and access controls. No data is stored on the iPad and communication between all the clients such as iPad and web browser is over TLS (Transport Layer Security).