Data Protection and Compliance
We take data protection seriously. We are fully compliant with the latest General Data Protection Regulation (GDPR).
All of our customer data is encrypted, and stored within an EU Data Centre or locally in encrypted form on the VisiPoint device. VisiPoint kiosks are built with customised hardware and are far more secure than your average tablet device.
In terms of the data captured using a VisiPoint system, we can confirm that you as a customer are Data Controllers, and we are Data Processors.
With regards to the principle of consent, we have included a suitable clause within the Terms and Conditions section of the portal to get explicit confirmation. The end user needs to interact with this element in order to proceed. However, you may need to check your legal basis depending on the nature of your business.
We respect the right to be forgotten, and as such we offer our customers two ways to control data once there is a need; Data Masking, and Data Wiping.
Data Masking will hide the personal data behind VisiPoint users but will retain the circumstantial data that may still be relevant to the business going forward; i.e., we’ll delete the person’s PID but we’ll keep when they arrived, when they left, etc.
Data Wiping is a straightforward deletion of accounts upon request, either in individual cases or with bulk data sets. We aim to respond to such requests immediately, and we’re happy to enter into specific arrangements in order to protect customer data.
Finally, we don’t use customer data for anything other than our customers’s visitor management.
Data Handling Agreement
You can access our Data Processing Addendum and full Data Handling agreement here.