gdpr

GDPR and Your Board

Under GDPR, senior management and the board of directors have a duty to oversee the implementation and effectiveness of GDPR compliance, but is your board meeting platform slowing you down?

How can Convene enable better GDPR compliance at Board level?

1033-eu-hosting

Hosted in the EU & UK

Convene's cloud services are hosted on Amazon Web Servers in Ireland and United Kingdom. Customers can request their servers to be in London, UK. Amazon Web Services are compliant with GDPR.

We also have an on-premise solution for clients who require an extra level of security.

1034-retention-schedule

Retention Schedule

Convene comes with a built-in retention schedule, ensuring that no one has access to data for any longer than necessary.

1035-document-access-control

File Access Control

Convene’s fine-grained access control allows meeting administrators to select which parts of a meeting pack each meeting attendee can see. Therefore private data is only seen by those who need to.

1036-right-of-access

Right of access

To be able to comply with this right, an organisation will need to be able to find any information relating to the individual.

At the end of each meeting, the Convene platform produces a consolidated PDF of all the meeting papers. Also, when a paper is updated on Convene, the new version replaces the old version in the meeting pack. As the papers cannot be downloaded outside of Convene, you can inform the individual that this is the sole repository of their data for a meeting.

1037-right-of-rectification

Right to rectification

Convene retains the original version of the documents that were uploaded to create a meeting. So in the scenario where there is an error, it will be possible for the meeting organiser to download the original document, make the necessary correction and then add the amended paper back to the meeting.

The meeting record will then contain the correct information.

1038-right-of-erasure

Right to erasure

Convene comes with an inbuilt retention schedule. This allows access to meeting documents to be removed after a specified period ensuring that no one has access to the data for any longer than necessary.

In a scenario where information is deemed to be irrelevant, it will be possible for the meeting organiser to download the original document, make the necessary correction and then add the amended paper back to the meeting.

Privacy Policy

Details about our privacy policy and cookies.

Visitors to our Website:

Information Collection

There are two types of information we collect from our website:

“Personal Data”: There are pages on our website where your personal information is collected, such as the forms to supply your details to make contact with Azeus. Such personal data identifies you or can be used to identify or contact you, and include for example your name, telephone number and email address. 

“Non-Personal Data”: Non-personal data is collected through traffic data and site statistics. We keep a record of traffic data which is logged automatically by our server. Such non-personal data collected include for example the URLs visited before ours, and other anonymous statistical data involving the use of our website. We are not readily able to identify any individual from traffic data or site statistics.

We ask that you do not provide sensitive information (such as race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records) to us when using our website.

Use of Your Information

For “Personal Data”, we use this information solely to respond to you appropriately, for example, by providing you by e-mail with the information you may have requested, or an update of information about our services and products.  The legal basis for processing this information is that it is in our legitimate interest to ensure that you are provided with the best client services and visitor services we can offer.

We may ask whether you wish to receive marketing from us and this will be presented to you as an option on the relevant page on our website where necessary. We will not send you marketing if you ask us not to. If you have agreed to receive marketing but then later change your mind and no longer wish to receive marketing, please let us know so we can remove you from our distribution lists. You can contact us at dataprocessing@azeus.com.

We may disclose your personal information to law enforcement, regulatory, or other government agencies or to other third parties as required by, and in accordance with, applicable law or regulation. We may also review and use your personal information to determine whether this disclosure is required or permitted. We may also disclose log files for security-related purposes.

For “Non-Personal Data”, we use non-personally identifiable information to analyze site usage (such as aggregated information on the pages visited by our users), which allows us to improve the design and content of our site.

Cookies

Cookies are small text files that websites send to your computer’s browser when you access the website. Our website uses cookies and upon visiting our site you will be invited to give consent that our system can place cookies on your computer.  You can also set your web browser to reject cookies. Please refer to here (at http://www.allaboutcookies.org/manage-cookies/ )for details on how you can control and/or delete cookies.

Cookies enable our system to recognize your computer every time you visit our website, enabling us to have an idea of your preferences – for example, what services or offerings you viewed – in order to enhance your user experience, and help us consider how we can improve our services to you.

None of this information that we collect in this way will be sold or disclosed to any other party unless required by law.

You can find out more details regarding our use of cookies from the Cookies Policy of our website.

Convene Customers (Trial Users & Paid Customers):

Introduction

This Privacy Policy, together with our Convene Terms of Service at https://www.azeusconvene.com/terms/ and any other documents referred to below tells you how we use and disclose the personal information we collect via our Services, or when you otherwise interact with us, as a trial or paid customer of our Services.

For the purposes of these Convene customers (Trial Users & Paid Customers) specific provisions, unless otherwise defined here the terms shall have the same meaning as defined in the Convene Terms of Service.

Please read the following carefully to understand how we will collect, use and protect your personal information.

What We Collect

We collect a variety of information to enable us to provide the Services, improve and enhance our users’ experience of the Services. For more information about the purposes for which we use your information please see the Use of Information section below.

We collect the following information (which may include personal information):

A) Information You Provide To Us

When you register for and use the Services, apply for a trial, request a quotation or a demo, we collect information you provide directly to us. This can include:

  • Your name, username, your company name, job title, email address, phone number
  • The password that we generate for you when you register for our Services
  • Documents you upload to our Services
  • Contact made with our customer support or helpdesk via means such as emails, phone conversations or chat sessions
  • Messages you send to us, such as feedback and product reviews you write

If you are providing information (including personal information) about someone else you confirm that they have appointed you to act for them and consent to the processing of their personal information and that you have informed them of our identity and the purposes (as set out in this Privacy Policy) for which their personal information will be processed.

B) Information We Collect as You use our Services

When you use our Services, we collect data to make the Services work better for you. This can include, for example, usage of the features and modules, and data about the performance of the Services.

We may also collect data including log information and the devices you use to access the Services, to optimize and remedy your technical concern related to the use of the Services.

Data Processor

We act as Data Processor for the data stored in the Content. We do not own, control or direct the use of any of Content stored or processed by you via Convene hosted solution or Convene application. Only the customers or users are entitled to access, retrieve and direct the use of such information. We are largely unaware of what information is actually being stored or made available by you to the Convene hosted solution or Convene application and we do not directly access such information or data except as authorized by you or as necessary to provide support services to you.

Because we do not collect or determine the use of any personal data contained in the Content and because we do not determine the purposes for which such personal data is collected, the means of collecting such personal data, or the uses of such data, we are not acting in the capacity of data controller in terms of the data protection laws and do not have the associated responsibilities under the data protection laws. We should be considered only as a processor on behalf of our customers and users as to any Content containing personal data that is subject to the requirements of the data protection laws. Except as provided in this Privacy Policy or in the Convene Terms of Service, we do not independently cause Content containing personal data stored in the Convene hosted solution or Convene application to be transferred or otherwise made available to third parties, except to third party subcontractors who may process such data on behalf of us in connection with our provision of services to customers.

The customer or the user is the data controller under the data protection laws for any Content containing personal data, meaning that such party controls the manner such personal data is collected and used as well as the determination of the purposes and means of the processing of such personal data. We are not responsible for the content of the personal data contained in the Content or other information stored on its servers (or its subcontractors’ servers) at the discretion of the customer or user nor are we responsible for the manner in which the customer or user collects, handles disclosure, distributes or otherwise processes such information.

Use of Information

We may use the information (which may include personal information) we collect about you for a variety of purposes, including, for example, to:

  • Provide, operate, maintain and improve the Services;
  • Enable you to access and use the Services, including creating and joining e-meetings, uploading, downloading, collaborating on and sharing Content;
  • Allow you to opt-in to participate in any interactive feature of our Services;
  • Notify you about changes to our Services;
  • Send you technical notices, updates, security alerts and support and administrative notices;
  • Provide and deliver services and features upon your request;
  • Process and complete transactions;
  • Respond to your comments, questions, and provide customer service and support;
  • Communicate with you, where you have agreed or where the law permits, for marketing purposes, including to periodically inform you about services, features, surveys, newsletters, offers, promotions, and events, and provide other news or information about Azeus and Convene. If you have agreed to receive marketing but then later change your mind and no longer wish to receive marketing, please let us know so we can remove you from our distribution lists. You can contact us at marketing@azeusconvene.com ;
  • Monitor and analyze trends, usage, and activities in connection with the Services;
  • Investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities; and
  • Personalize and improve the Services.

We may collect anonymous and aggregated data which does not contain personal information for the purposes of improving our Services.  

Sharing Information with Third Parties

We do not sell your personal information to third parties.

We may provide your personal information to companies that provide services to help us with our business activities such as offering customer service. These companies are authorized to use your personal information only as necessary to provide these services to us.

We may also disclose your personal information to third parties where:

  • if you are an individual Services registered user and the domain of the primary email address associated with your Services account is owned by your employer or your organization and was assigned to you as an employee or member of that organization, and such organization wishes to establish a Services corporate account, then certain information concerning use of your individual account may become accessible to that organization’s administrator including your email address; and
  • we may share your information with your consent, including when you choose to use any features in the Services that by their nature support sharing with third parties who you choose. Your name, email address, information from your profile, and any Content you choose to share will be shared with such third parties, and such third parties may communicate with you in connection with your use of the interactive or collaboration features of the Services. For example, third parties who you invite to join an e-meeting using the Services may also modify Content that you have shared, upload documents to Content you have shared, and provide other third parties with rights to view the Content you have shared.
Where We Store Your Information

We may store and process personal information and content in the United States and other countries or cities which include but are not limited to the United Kingdom (UK), Australia, Hong Kong, Singapore and Philippines.

For US customers who have adopted our software-as-a-service (hosted) Convene Services, the Content uploaded by users to the Convene hosted solution or Convene application shall reside within the United States. No content will be transferred outside of the United States without the prior consent of the customer.

For customers in Europe (other than in the UK) who have adopted our software-as-a-service (hosted) Convene Services, the Content uploaded by users to the Convene hosted solution or Convene application shall reside within the EEA.  Convene environments for UK customers which were set up before 18 September 2018 will continue to reside within the EEA or the UK.  Beginning 18 September 2018, new Convene environments for UK customers will reside within the UK.  No Content will be transferred outside of the aforementioned locations without the prior consent of the customer.

If you have any questions in relation to the transfer of your personal information outside the jurisdiction of origin please send an email to dataprocessing@azeus.com.

Collaboration and Sharing Features

The Services offers collaboration and file sharing features or other tools, which allow you to share your Content through the Services. As a function of the collaborative nature of the Services and based on the permissions and settings you choose, the use of such features enables the sharing of Content with people you want to collaborate with. The access rights and setting can be managed by using the Services functionality. For more information about such collaboration and sharing features, we encourage you to review the documentation of Services provided or made available by Azeus, or to contact support@azeusconvene.com.

Business Partners:

Introduction

Protecting the security and privacy of personal data of contact persons (each a “Business Partner Contact”) at our customers, suppliers, vendors and partners (each a “Business Partner”) is important to Azeus and its affiliated companies (together “Azeus”). Therefore, we process personal data in compliance with applicable laws on data protection and data security.

Categories of Personal Data Processed, Purpose of the Processing and Legal Basis

In the context of the business relationship with Azeus, Azeus may process personal data for the following purposes:

  • Communicating with Business Partners about products, services and projects of Azeus or Business Partners, e.g. by responding to inquiries or requests;
  • Planning, performing and managing the (contractual) relationship with Business Partners, e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
  • Administrating and performing customer surveys, marketing campaigns, market analysis, sweepstakes, contests, or other promotional activities or events;
  • Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
  • Ensuring compliance with legal obligations (such as record keeping obligations), Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and Azeus policies or industry standards; and
  • Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.

For the aforementioned purposes, Azeus may process the following categories of personal data:

  • Contact information, such as full name, work address, work telephone number, work mobile phone number, work fax number and work email address;
  • Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
  • Further information necessarily processed in a project or contractual relationship with Azeus or voluntarily provided by the Business Partner Contact, such as orders placed, payments made, requests, and project milestones;
  • Information collected from publicly available resources, integrity databases and credit agencies; and
  • If legally required for Business Partner compliance screenings: information about relevant and significant litigation or other legal proceedings against Business Partners.

The processing of personal data is necessary to meet the aforementioned purposes including the performance of the respective (contractual) relationship with Business Partners. Unless indicated otherwise, the legal basis for the processing of personal data is that (i) the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6 (1) (b) of the EU General Data Protection Regulation (GDPR)); (ii) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (Article 6 (1) (f) of the EU GDPR); or (iii) if explicitly provided by Business Partner Contacts, the consent (Article 6 (1) (a) of the EU GDPR).

If we do not collect the respective personal data, the purposes described above may not be met by us.

Job Applicants:

What Information We Collect

As part of any recruitment process, we collect and process personal data relating to job applicants. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.

We collect a range of information about you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • details of your qualifications, skills, experience and employment history;
  • information about your current level of remuneration, including benefit entitlements; and
  • information about your entitlement to work in the country.

We may collect this information in a variety of ways. For example, data might be contained in application forms, CVs or resumes, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

Why Do We Process Personal Data

We need to process data to take steps at your request prior to entering into a contract with you. We may also need to process your data to enter into a contract with you.

In some cases, we need to process data to ensure that we are complying with its legal obligations. For example, it is mandatory to check a successful applicant's eligibility to work in the country before employment starts.

We have a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.