VIZITCARE COMMITMENT TO PRIVACY
Customer and Visitor data privacy is extremely important to VizitCare and has been our focus from the very inception of the product. We ensure data privacy in the entire lifecycle of our product, from product development to sales, support and data storage. VizitCare provides an enterprise-grade visitor management platform with a global customer base. Our unique approach fully meets the client’s unique privacy requirements and government standards to deliver a solution which satisfies both legal and business objectives.
WHY COMPLY WITH GDPR?
There are both ethical and business reasons for compliance. It’s important to protect the privacy of people who enter your business environment. GDPR is a carefully thought-out regulation that helps companies operating in the EU establish correct practices; it became legally enforceable in May of 2018. Failure to comply can result in substantial penalties and fines.
We have helped many clients meet their unique requirements for collection and storage of private and confidential information. The following “Best Practices” have been assembled based on the feedback and experience we gained in our previous engagements.
1. Collect only what you need
In today’s data-hungry environment, it is important to remember that collecting information bears responsibility. Auditors often request a reason for each of the collected data types. Please establish a reasonable use-case for the data being collected in order to minimize the risk and to ensure that unnecessary data does not clutter the system.
2. Store only as long as necessary
VizitCare offers extensive data retention rules to help retain only what is needed and for the required duration. Keeping sensitive data for longer periods increases exposure and risk and runs contrary to GDPR and many other data privacy regulations.
3. Collect consent
One of the easiest ways to limit liability and to properly support GDPR compliance is to provide adequate disclosure and to obtain consent from the Visitor. The disclosure should outline what data is being collected, how long it will be retained and the purpose for which it is being collected.
4. Assign a Privacy Officer/Security Manager
We recommend assigning an internal Privacy Officer to deal with all matters related to privacy and GDPR regulations. This resource should be responsible for managing the necessary protocols within the VizitCare system and should be provided to the Visitor during the sign-in process as a part of the disclosure statement, in case the Visitor wants to exercise their “right to be forgotten”.
5. Simplify GDPR for your visitors
Visitors should be able to navigate the process easily and with minimal effort. We can help by providing copies of all disclosures and legal statements via email to Visitors at the completion of the sign-in process. This helps establish a legal trail and further documents options available to the Visitor as a part of the effort to secure their privacy.
Data security, transport, and storage
In addition to having the data encrypted at rest and in transit, VizitCare offers geo-distributed storage, allowing the customer to store all PII and GDPR-sensitive data within the borders of the EU and even within specific countries when required. Our cloud infrastructure is outsourced to Microsoft and falls under the certifications outlined in the Microsoft Azure Trust Center.