1. What is GDPR?
The General Data Protection Regulation (GDPR) is a European regulation that strengthens privacy protection and harmonizes data protection across:
- EU member states
- Liechtenstein
- Norway
- Iceland
- Switzerland
- United Kingdom
(collectively referred to as "GDPR Countries")
2. Does a Quividi customer in a GDPR Country have to comply with the GDPR?
Yes, most likely. The GDPR’s broad definitions of “processing” and “personal information” (cf. Article 4 of the GDPR - “Definitions”) lead most Data Protection Authorities in Europe to consider the images processed by the Quividi VidiReports solution as personal data.
In such cases, a Quividi customer is required to comply with the GDPR.
3. What is the legal basis for a Quividi customer to process personal data?
Legitimate interest is usually a valid legal basis for a customer to use Quividi’s VidiReports and process personal data in compliance with the GDPR.
4. How does a Quividi customer comply with the GDPR?
To the best of our understanding, a Quividi customer can comply with the GDPR by fulfilling the following requirements:
. Comply with the Right of Information: The customer must ensure that a disclosure sticker is prominently displayed on each screen and/or at the venue's entrance. The text of the sticker may be concise but should direct individuals (via a QR Code or a short URL) to an online privacy page containing comprehensive information as required by Article 13 of the GDPR.
. Conduct a Data Protection Impact Assessment (DPIA): A DPIA should evaluate the potential impact of data processing activities on individuals' privacy and outline measures to mitigate risks.
. Sign a Data Processing Agreement with Quividi: This agreement details the contractual obligations of the customer and Quividi as a Data Controller and Data Processor, respectively.
For examples and templates of these documents, please contact your local account manager.
5. Are there special requirements imposed locally by some EU privacy authorities?
Data Protection Authorities may have different interpretations of the GDPR and impose specific requirements on the use of Quividi’s VidiReports.
We recommend contacting your local Data Protection Authority to ensure you address all GDPR obligations specific to your country. Quividi can assist in reaching out to your local authority and ensuring compliance with these obligations.