Vivocalendar

GDPR Compliance Statement

VivoCalendar Ltd’s GDPR Compliance Statement outlines how we adhere to the fundamental aspects of GDPR and ensure compliance with them.

Privacy Policy

Our stance on privacy, the handling of personal data, and our security measures.

Data Processing Agreement

In accordance with our Terms and Conditions for users, we would like to provide you with a list of our designated sub-processors.

Job Application Privacy Policy

Ensuring the privacy of job applicants is our priority.

Cookie Policy

We gather cookies.

If you have any questions or want to find out more, contact us at dpo@Vivocalendar.com

What is GDPR?

The General Data Protection Regulation 2016/679 (GDPR) is the European Union and European Economic Area law that governs data protection and privacy. It came into effect on May 25, 2018, empowering EU citizens with increased control over their personal data and streamlining regulations to help businesses minimize administrative burdens and foster greater consumer confidence.

Please visit the European Commission’s official website to learn more about data protection and the Commission’s approach.

GDPR

Vivocalendar Ltd’s commitment to GDPR compliance began prior to its implementation in 2018, with the appointment of a Data Protection Officer (“DPO”). Alongside the company’s security team, the DPO ensured, among other things:

We create, uphold, and adhere to internal policies and procedures across all our business operations.

The online Terms & Conditions have undergone review and revision.

The online Privacy Policy has been subject to review and updates.

We have formulated a Data Processing Agreement, which is accessible on our website and can be executed between you and Vivocalendar Ltd.

Supplementary online policies are provided for both users and visitors.

We evaluate our contractual associations with suppliers and establish further privacy and data protection documentation, including Data Processing Agreements or Addendums.

We have conducted a thorough assessment of our existing suppliers and, in the interest of security, decided to discontinue our partnership with some of them.

Every member of our company undergoes comprehensive privacy and data protection training, while server security measures have been further fortified.

We've modified our backup procedures to reduce the retention of personal information for systems that have been deleted.

Here Are The Key Measures We Implemented To Achieve GDPR Compliance:

Restricted Access To Personal Data

- We follow the principle of least privilege in our business operations.
- Employees are instructed on the level of access to use when diagnosing and resolving problems and when responding to customer support requests.
- All employees have signed a Data Processing Addendum to the contract of employment and have provided a clean criminal record as part of our hiring process.
- All employees are legally bound to comply with the internal policies and procedures of the implemented Information Security Management System.

CUSTOMER SUPPORT REQUESTS: Upon activation of the double authentication feature of the System, we DO NOT have any access to your account and system. However, when you need quick assistance from our support team, you may give our representative a temporary code so they can help you with settings if needed.

Safeguarding Healthcare Data - Patient Information

Medical information is classified as "sensitive personal data" and may be stored within the system under a component known as "SOAP." We have recently bolstered the security of the SOAP component by implementing encryption at rest. This means that even in the event of unauthorized access to the user's system or Vivocalendar servers, this information remains inaccessible without the secret key. You can store this key on a secure USB drive or within a computer folder, but ensuring the utmost protection for your computer or USB drive is crucial. As a precaution against theft, it is advisable to employ robust security measures, such as disk encryption or password protection, to prevent unauthorized access.

HIPAA Enhanced Security: Available with Standard and Premium Subscriptions, our HIPAA Custom Feature empowers users to strengthen their system security. This feature enables automatic system logouts after a predetermined period, such as 20 minutes of system inactivity, provides login notifications, and ensures that personal data is not transmitted via email or SMS. Additionally, it removes client and service names from reports, enhancing privacy and preventing unauthorized access to personal data.

The Option To Revoke Consent For The Processing Of Personal Data Is Upheld

In all our email communications, we have consistently provided easy-to-find unsubscribe links. We have now extended this option to promotional emails, ensuring that clients who have opted out of receiving these messages will not receive them. Fortunately, this adjustment has not posed an issue, as our clients typically appreciate receiving promotions from their preferred providers.

What Assistance Can We Provide To Support Your GDPR Compliance?

As you shoulder the responsibility of safeguarding your clients’ personal data, we’ve implemented significant system enhancements to facilitate GDPR compliance. These changes not only bolster security, providing you with better protection in case of equipment loss or theft, but also improve user control over client data and communication permissions. For detailed information, please refer to the illustrations below.

We proudly offer four Custom Features, available to all users at no additional cost:

Two-Factor Authentication Module

Enhanced Login Security Module: It is crucial for users to swiftly adopt this feature, as the primary risk of data breaches often stems from unauthorized access to the system and its data, whether virtually or in physical possession.

History Erasure Module

Data Retention Module: Users can set data retention periods for bookings, so that data is deleted automatically once a specified time, such as 30 days (user-configurable), has passed after the booking is completed. Caution: Not needed for client login or membership scenarios.

Terms and Conditions Module

User-Defined T&C and Plain-Language Privacy Policy Module

Cancellation Policy

Cancellation Terms Module

Cancellation Policy Enforcement Description Module

Administrative Dashboard:

Access To Three Categories of Personal Data

Personal Data

Company Information

Typically accessible on the internet for client booking convenience.

System User Information

Service providers are typically listed online for everyone to view, enabling clients to select them for booking.

Client Information

Only visible to system users, not on the internet.

Each group has the capability to view and print data from the Vivocalendar system via a dedicated interface. Should the need arise, client information can be easily removed by pressing a single button.

Please be aware that access to these records is safeguarded. Users must undergo a straightforward authentication process, which involves re-inputting their password. If two-factor authentication is enabled, a verification code will also be required.

While client information plays a crucial role in generating statistical data about sales and bookings, any deleted data is anonymized, ensuring it remains unidentifiable yet still useful for analytical purposes.

A Gentle Reminder Regarding Your GDPR Compliance

You Can Boost Your Security Measures

Users are advised to fortify their mobile device security by using lengthy passwords and enabling the feature that automatically wipes phone data after multiple incorrect password attempts. This precaution prevents potential thieves from gaining access to two-factor authentication codes.

To further ensure privacy, users are encouraged to activate automatic screen locks to minimize the chances of unauthorized access, especially in a workplace setting.

As The Data Controller

Keep in mind that you hold the responsibility to create, uphold, and act in line with a privacy policy tailored for your clients. This is a decision only you can make, and no one else can do it for you. For guidance on this document, consult with a professional or reach out to your local data protection agency. Ensure it’s drafted in a straightforward and succinct way.

Also, don’t forget to provide a link to our Privacy Policy, which details how we handle the subject’s data on your behalf and the nature of any data transfers.
