Livetecs & GDPR
Livetecs provides high-quality timesheet, expense, task, and project management application for all types of businesses. We are fully committed to be GDPR compliant by the date of May 25th, 2018.
What is GDPR?
The EU Regulation 2016/679, General Data Protection Regulation (GDPR), enforced from May 25th, 2018, strengthens the fundamental right to privacy for people living in the EU. The regulation mandates need for operational and technological controls for protection against data violation and grants new rights for individuals in the treatment of their personal data. Any company that wants to do business with European residents must comply with the GDPR.
Through GDPR, data of all the citizens of EU will get protected and they will now get the control of their data. All organizations operating in the EU and/or processing personal data of EU residents will be covered by this regulation.
Definitions & Terminology
‘EU Data Protection Law’ means (i) prior to 25 May 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (“Directive"); and (ii) on and after 25 May 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. General Data Protection Regulation (GDPR).
‘Privacy Shield’ means the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework self-certification program operated by the U.S. Department of Commerce and approved by the European Commission pursuant to Decision C(2016)4176 of 12 July 2016 and by the Swiss Federal Council on January 11, 2017, respectively.
‘Data Protection Laws‘ means all data protection and privacy laws applicable to the processing of Personal Data under the Agreement, including, where applicable, EU Data Protection Law.
‘Model Clauses’ means the Standard Contractual Clauses for Data Processors as approved by the European Commission in Decision 2010/87/EU and in the form set out in Annex B.
‘Data Subjects’ are any identified or identifiable natural, living persons. A data subject cannot be a deceased person or a legal entity (such as a corporation).
‘Personal Data‘ means any information relating to an identified or identifiable natural person. (End-users)
‘Processing‘ means any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means.
‘Data Controller’ means an entity that determines the purposes and means of the processing of Personal Data.
‘Data Processor‘ means a natural or legal person, public authority, agency or other bodies which processes personal data on behalf of the controller.
‘Sub-Processors‘ means a natural or legal person, public authority, agency or body other than the data subject, controller, and processor who, under the direct authority of the controller or processor, are authorized to process personal data. For more information please click here to see our sub-processors list.
‘Affiliate‘ means an entity that directly or indirectly Controls, is controlled by or is under common control with Livetecs.
‘Agreement’ means the Master Services Agreement or other written or electronic agreement in the form of online terms and conditions contained on Order Forms entered into between Customer and Replicon for the provision of the Service to Customer.
‘Control’ means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term “Controlled" will be construed accordingly.
‘Group’ means any and all Affiliates that are part of an entity’s corporate group.
‘Security Incident’ means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Data.
How Livetecs stores, uses, process and protect its Users’ Data
The information stored or transmitted via Livetecs is used for operational and improvement purposes, to help our customers use and access our services, respond to their inquiries, and send service-related communications.
Data ownership and control
When our Customers trust Livetecs with their data, they remain the sole owners of such information. Therefore, the customer is the controller of such data and Livetecs is the processor.
We maintain an updated list with the name of sub-processors and locations used for hosting or other processing of data. For more information please click here for our sub-processors list.
Data Processing Addendum
Livetecs Data Processing Addendum (DPA) provides our customers with the contractual commitments to be GDPR-compliant. This agreement outlines our guarantee that customers can:
• Respond to requests from data subjects to access, rectify or delete personal data.
• Be made aware of and report personal data breaches to relevant supervisory authorities and data subjects according to GDPR guidelines.
Please click here to obtain our Pre-signed Data Processing Addendum (DPA).
At Livetecs, security is a top priority. We secure your data by assuring that physical and network protection is monitored around the clock. For example, Livetecs is powered and its users are protected with Microsoft Azure Cloud. For more information, click here for our Security Page.
Standard Contractual Clauses (Model Clauses) are a set of standard provisions approved by the European Commission to enable European entities to legally transfer personal data outside the EU. Through these clauses, Livetecs agrees to process an individual’s personal data on behalf of the customer and in compliance with the customer’s instructions. Please click here to obtain our Pre-signed Data Processing Addendum.
Data Subject Requests
How we evaluate, respond, and authorize access, rectification, and erasure.
Data subject right of access, rectification, and erasure for EU residents
As indicated previously and outlined in Livetecs DPA, if a data subject exercises their right to access, rectification and/or erasure, we will contact our customer in order to receive the authorization to make the changes.
If our customer doesn’t reply within a reasonable time, Livetecs will evaluate, respond, and inform the data subject of the decision and schedule for the action within 30 days (of receipt of the request). As stated in the GDPR, if our customer or Livetecs decides not to take action on the request, the data subject will be informed of the reasons for the decision and the possibility of lodging a complaint with a supervisory authority.