The following articles outline how Visitly makes sure that our customers are compliant with GDPR and any other privacy and data protection regulation. Based on some of the applicable GDPR requirements, below are the articles and the features in Visitly that make sure that customers using Visitly are GDPR compliant as data controllers, and how Visitly is compliant as a data processor.
Article 54 – “Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.”
Visitly customers can configure the platform to ask visitors only for the relevant information, based on visitor type. Visitly provides options to enable or disable various fields and to set them up as optional or mandatory depending on the need.
Para. 32 of the preamble and Article 4 (11) of GDPR: “Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of (…) agreement to processing of personal data.”
Article 7 of GDPR: “The data subject shall have the right to withdraw his or her consent at any time.”
Once the request is received, customers can delete the visits from the admin UI, which completely removes the data from the Visitly database along with any stored photos, documents and other visit data.
Article 5 of GDPR: “Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.”
Depending on the data retention requirements of the organization, Visitly customers can delete the visits from the admin UI. For bulk deletion, customers can create a support request to the Visitly support team. Bulk deletion service is only available for our paid plans.
Article 28 of GDPR: “The controller shall use only processors [vendors] providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation.”
Visitly has enterprise-grade security in place to secure our infrastructure and customer data. All of our infrastructure runs on the AWS public cloud and uses security best practices in securing infrastructure, data and access controls. No data is stored on the iPad, and communication between all the clients, such as the iPad and the web browser, is over TLS (Transport Layer Security).