Is Onlive GDPR compliant?

Yes, we are! This article describes how Onlive addresses Europe’s GDPR regulations and local data laws, including Singapore’s PDPA.

 

What GDPR is and why it matters: GDPR stands for General Data Protection Regulation and is a data privacy regulation that came into force on the 25th of May 2018. It’s a complex policy with a simple premise: give users control over their data while protecting it better.

 

Onlive follows GDPR principles of data protection and the handling and storing of user data:

  1. If user accounts are deleted by the organizer, they are completely deleted from our system, including backups.
  2. Users can opt out of any communication by clicking unsubscribe.
  3. Users can cancel their event attendance and delete themselves from the event’s database.
  4. Organizers can add their own terms and conditions in addition to the general terms that are provided by Onlive.
  5. Organizers must indicate that they have consent before they can send out event marketing emails.
  6. If requested, Onlive will purge a client account and all its data within 30 days of receiving a written request from the client.
  7. Onlive does not sell any personal data to third parties.
  8. All customer data is stored on secure ISO/IEC approved third-party servers where Onlive has purchased server storage capacity.

 

Where exactly is my customer data stored?
Your data is stored at an AWS data center in Singapore. (Wait a minute, Singapore is not in the EU??) Correct, Singapore is not in the EU, and it’s a common misconception that European customer data needs to remain within the EEA. Chapter 5 of GDPR is titled “Transfers of personal data to third countries or international organisations” and consists of Articles 44 through 50. (That’s 7 articles!)


The general principle for transfers is outlined in Article 44, which can be summed up as follows: if you transfer EU personal data out of the EU, make sure that this data still keeps the same level of protection that it gets under the GDPR. In other words, the entity or company that you pass the data to outside the EU must be under a legally binding obligation to follow GDPR data protection principles or the equivalent.

Onlive’s obligations:

  1. Onlive is regulated by Singapore’s PDPA data-privacy framework, which is the equivalent of the GDPR.
  2. Onlive agrees to legally binding terms to abide by the GDPR principles. See our obligations here.
  3. Onlive has enacted Binding Corporate Rules between its employees and contractors.
  4. Onlive has a regulatory-approved code of conduct to which the entity and its employees and contractors subscribe.

 

Read more about our Privacy Policy, Cookie Policy, List of Sub-Processors and Data Processing Addendum.