Why comply with GDPR?
There are both ethical and business reasons for compliance. It’s important to protect the privacy of people who enter your business environment. GDPR is a carefully thought-out regulation that helps companies operating in the EU establish correct practices; it became legally enforceable in May 2018. Failure to comply can result in substantial penalties and fines.
Integrations with third parties
iLobby can be configured, through integrations, to use additional services from various third-party vendors. These may include message delivery, third-party screening, access control and many more. Please examine each third party's privacy and disclosure statements for their compliance. Some of the vendors and their statements are listed at the end of this document.
When it comes to visitor management, the following main topics need to be considered as part of the scope:
Processor vs. Controller
The Processor and Controller roles describe the ownership, control and custodianship responsibilities of the parties involved. Please consult the GDPR legislation (link provided at the end of the document) for a detailed explanation of each role. iLobby classifies each party as follows:
1. Visitor – Controller
2. Customer – Partially both Controller and Processor
3. iLobby – Processor
Right to be forgotten
iLobby provides the ability for the Controller to request that their personal details be removed from the iLobby system. This request can be manual or automated. Please consult your account representative for details on available data retention periods and automation triggers.
The Controller should be provided with a legal disclaimer outlining the reasons for collecting information and the type of information being collected. iLobby is able to display legal documents and obtain acceptance during both the sign-in process and pre-registration.
Data security, transport and storage
In addition to encrypting data at rest and in transit, iLobby offers geo-distributed storage, allowing customers to store all PII and GDPR-sensitive data within the borders of the EU, and even within specific countries when required. Our cloud infrastructure is outsourced to Microsoft and falls under the certifications outlined in Microsoft Azure’s Trust Center.