Snappic is ready for the GDPR (General Data Protection Regulation)
Snappic has always been built with a strong commitment to privacy, security, and protecting personal data.
We fully support our users in complying with the General Data Protection Regulation (GDPR or (EU) 2016/679), which came into force on May 25, 2018. The GDPR replaces the previous EU Data Protection Directive (Directive 95/46/EC).
Please note that this page is provided as a resource to understand the scope of the GDPR in relation to using Snappic. It does not constitute legal advice, representations, or warranties of Snappic and we are not responsible for any reliance on the information below. We encourage you to seek professional legal advice if you have questions about how the GDPR may affect your organization and procedures.
How does GDPR Apply to Snappic?
The GDPR protects the personal data of individuals. Personal data is any information relating to an identified or identifiable individual.
The GDPR regulates two types of persons that process personal data:
Controllers are persons that determine the purpose and means of the processing of personal data.
Processors are persons who process personal data on behalf of data controllers.
What steps has Snappic taken?
We believe that all Snappic services (which can be found on our pricing page) can be used in compliance with the GDPR.
As a processor, we've taken various initiatives to ensure Snappic's compliance with the GDPR's requirements (to the extent applicable) with respect to the scope of services stated in our Privacy Policy and EULA. These include implementing:
appropriate technical and organizational measures to secure personal data processed through Snappic; and
policies and procedures to notify Snappic users without undue delay after becoming aware of a personal data breach, so that the users can comply with their own data breach notification obligations.
We have also taken initiatives to assist Snappic users (e.g. event professionals) to comply with their own obligations as controllers under the GDPR, such as:
revising our EULA (see the section on "Data Processing Agreement" below) and Privacy Policy;
implementing policies and procedures to assist users to respond in a timely manner to data subject requests for access, rectification, erasure and retrieval of personal data which is being processed by Snappic;
providing tools to assist our users to:
obtain consent from guests to process their personal data where required by the GDPR (including for marketing purposes); and
display information to guests about the handling of their personal data.
See the section on "Tools to assist our users" below.
Note, however, that adherence to the GDPR requirements in your function as a controller is your own responsibility.
Security
Data security is a core concern in all parts of our systems, infrastructure and processes.
From a technical perspective, all our servers are firewalled and kept updated with the latest security patches.
Tools to assist our users
One of the central themes of the GDPR is openness, including around who is processing personal data and for what purposes.
We enable you to do this by creating a privacy statement. We recommend that you do this, as not doing so places you at risk of non-compliance with the GDPR.
You can use the wording below. We also recommend that you disclose who is processing the personal data (i.e. Three Commas, the provider of Snappic).
Disclaimer (Privacy statement)
This can be found under Event Options > Advanced
We have procured this app from Algoritmo Limited. It enables you to take photos and link them to this event. You can also choose to share your photos on social media. When you take photos with this app, Algoritmo collects and stores your personal data on behalf of the organiser of this event. If you would like to know more about how your personal data is handled or find out more, please contact us directly at [enter your company details].
If you are using AVA (advanced vision analytics), you must include the following statement in your Disclaimer (Privacy statement):
We process aggregated information gathered from photos taken using Snappic (for example, the number of people in a photograph, their age range and gender) for [insert description of purpose]. This does not include your personal data.
Please see the FaceMatch article to see how to set this up.
In certain instances, you may need to obtain consent to process personal data. Our Data capture feature lets you add fields that must be physically ticked/checked (i.e. accepted). To ensure GDPR compliance, the user (e.g. event professional) should use this option. If a guest does not tick/check to accept these terms, their data must not be distributed or used by you or any other third party, and that data must be deleted.
You can use the following wording:
Data capture
Title: GDPR
Description: (General Data Protection Regulation)
Checkbox: DO YOU WANT TO RECEIVE COMMUNICATIONS FROM [Company]? If you enable this, this means that you consent to the use of the contact details you provide for [Company] to send you information about its products and services. You can opt out at any time.
*Please note that, to comply with the GDPR, this checkbox field must not be a required field.
Data Processing Agreement
The processing activities conducted by a processor (like Snappic) on behalf of a controller (Snappic users e.g. event professionals) must be governed by a written contract, or other binding legal act, which complies with the GDPR. Our End User License Agreement (EULA) is this contract. All users (e.g. event professionals) must digitally accept the terms of the EULA in order to use the Snappic app/backend portal. Changes to the EULA will be displayed to you via a message on your Snappic dashboard – see the example below. We will notify users of changes to our privacy policy in the same way.
Please note for fully white-labelled accounts making use of sub-accounts, it is your responsibility to ensure you have the relevant agreements in place with your sub-accounts.
What Snappic features and services support user compliance with the GDPR?
It is our understanding that all Snappic features as defined under the scope of services can be used in compliance with the GDPR. However, adherence to the GDPR requirements in your function as a data controller is your own responsibility.
Snappic takes active measures to support users in protecting personal data and continues to build features and services in line with data protection and information security laws and our focus on strong security and privacy measures.
FaceMatch and AVA
Please see the article for more information on how to handle these features in line with the GDPR.