GDPR, data & access (Virtual event)

GDPR

Let's Get Digital is fully GDPR compliant. The privacy statement can be found at: https://letsgetdigital.com/en/privacy-policy/ All the data is only saved strictly within the European Union. All data is removed from our servers within 3 months after the event. If an event manager wishes to remove this data earlier, this is also possible.

Overview all data

This section gives a short overview of the type of data which can be saved in the Let's Get Digital environment.

Users

By default the email address and first/last name are used, but this can be extended by any custom fields.

Custom fields which are enabled by default and can be completed by the user: - User image - Company name/company role - Phone number - Description - Birth date - Gender - LinkedIn Profile Note: Birthdate & Gender input can be turned off. Examples of fields which can be enabled: - Favourite meal - Political interest - Address - Twitter Profile Note: Event managers can choose the privacy settings of the users and users, themselves, can decide which other users they will share their data with. If two people make connections with each other within the platform, then their information will be shared between them.

Presentations

During virtual presentations, the presenter can use different materials for their presentation: - Audio/Video input - PowerPoint presentations or other PDFs - YouTube video's or MP4 files - Files If the presenter(s) choose so, the aforementioned material will be shared with other users who are present in the given room. Event managers can limit the room access of different users to ensure that only the right or appropriate users may access a given room.

The presentations can be recorded by the event manager or speaker. The recordings can be downloaded later by the event manager(s). It's also possible that event managers choose to activate the Video On Demand module, which enables all users to access the recordings after the event.

One2One Video chats

One2One video chats are possible within the platform and cannot be recorded within the platform.

Note: A One2One video chat can be recorded by the user if the user has video recording software on her/his computer.

Access

The Let's Get Digital platform recognizes 3 types of users; Administrators, Hosts and Users. This section describes the rights of each user type and how they log in.

Administrators

Administrators can control the whole system. They choose who gets access, which content the event consists of, and can see the activity of users within the platform. There is only one exception to this - the content of the private one-to-one chats. This content is not shared with the event manager(s). Administrators can control the whole system. They choose who gets access, which content the event has and can see everything that is being done on the platform. There is only 1 exception on this one; the content of the private one-to-one chats. This content is not being shared.

Administrators get access by using a hashed password.

Users

Users can't control any content in the system and can only have access to data that the administrator(s) have given them access to. Users can share data which each other if they make a mutual connection.

Users get access by an access link which is sent at a specified time pre-event. This access link can theoretically be shared with other people, but only one person at a given time can enter the Lets Get Digital platform using this information.

Hosts

Hosts have the same rights as Users. However, they additionally have speaker rights in their respective presentation rooms. This means that they are allowed to upload their presentations/start recordings, etc.

Hosts have the same access method to the platform as Users.

Technical / organizational measures

All Let's Get Digital servers are located in the Netherlands. All our software is in-house, and only Let's Get Digital employees can access it. If they want to access it, access is always given for a maximum of 24 hours and we keep track of who has been there at what time (Logging).

All our systems communicate through a secure connection.

Our apps use certificate pinning and certificate chain validation to prevent other third parties from acting as Let's Get Digital.

Our software is designed using the by-design principle. Apart from human adjustments, the privacy of the software is therefore guaranteed.

Our platform is daily exposed to hackers via the Hacker1 platform. The moment our system contains a data breach and this is detected by one of the hackers of Hacker1, we are aware of this without abuse.

Our employees get access to the data of a specific event for 24 hours and only when this is necessary to help our events with the correct functioning of the application.

Our data is stored strictly separated per event. At the moment of a leak, this is limited to a single event.

All data will be rendered unusable within three months after the event. This means that all data is overwritten and made anonymous, so that it cannot be traced back in any way, neither for Let's Get Digital employees, nor for the organization of events, nor external parties.

We have a firewall on the entire system. From the outside, only port 80/443 is accessible.

Subcontractors

We use the following subcontractors:

What information do the subcontractors receive?

SambaLive receives the first and last names of the users. Daily.co and Firebase don't receive any personal data of the users at all.

All personal data is stored at TransIP and Digital Ocean on a server located in the Netherlands. The servers are only accessible by Let's Get Digital.