GDPR

Sched takes data privacy and security very seriously. With GDPR set to take effect on May 25, 2018, we have updated our data privacy program so that we, and our Organizers, are comfortable that we will meet the new requirements. Here are a few highlights.


What is GDPR?
The General Data Protection Regulation (GDPR) is a new European Union (EU) privacy law that went into effect on May 25, 2018. The GDPR mandates how companies collect, store, delete, modify and otherwise process personal data of EU residents.

Does GDPR apply to me?
The GDPR, and similar legislation in Europe protects the personal data of people who live in the EU or Switzerland.

What Sched is doing to prepare
At Sched, we’ve been reviewing and updating our internal data processes and systems to make sure we’re compliant with the GDPR. These updates include:

  1. Complete: Improved attendee privacy controls
    • Ability to delete your own account
    • Ability to request an archive of your data
    • Ability to unsubscribe from automated emails (daily schedule/survey reminders) and manual emails (announcements from event organizers)
  2. Complete: Updated Privacy Policy
  3. We’ve updated our Privacy Policy to reflect what data we collect, how we use data and which third party partners we use. We are in the process of completing our Privacy Shield certification. We will update our Privacy Policy again when our Privacy Shield certification is complete.

  4. Awaiting Approval: Becoming Privacy Shield certified
  5. Because Sched and its servers are located in the United States, we necessarily transfer any data that is collected from the EU or Switzerland to the United States for processing and storage. In order to provide appropriate safeguards regarding such transfers, we are in the process of obtaining certification with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from the EU and Switzerland to the applicable Principles of the Privacy Shield Frameworks. To learn more about the Privacy Shield Frameworks, visit https://www.privacyshield.gov.

  6. In Process: Rolling out a Data Processing Agreement (DPA)
  7. As a processor of personal data on behalf of some of our customers, we’ll be releasing a Data Processing Agreement to allow our customers to continue to lawfully transfer EU and Swiss personal data to Sched when the GDPR goes into effect.

We’re committed to achieving compliance with the GDPR, and we want to help our organizers do the same.


Data Exports
Data subjects’ ownership of their personal data is at the core of the GDPR. Under the new GDPR ruling, the data subject (you), has a right a right to data portability. In other words, you have a right to export your personal data from Sched.

To request an export of your personal data, please email support@sched.com with the subject line “GDPR Export”.


Data Deletion
Sched will adhere to any user’s request to delete their personal data.

For Organizers
As a result, there may be a time when your Sched event’s control panel will show anonymized personal data for a particular attendee. Similarly, if Sched removes personal data on its own in accordance with our internal data retention policy, anonymized personal data for a particular attendee within the dashboard will also appear.

Should one of your attendees ask you directly to have Sched remove their personal data from our system, please forward the request to us at support@sched.com. Our Customer Success team may reach out to the user directly to confirm the request.

For Attendees
You can delete your Sched account as follows:

We have created a readiness to respond to data subjects’ requests to delete, modify, or transfer their data. This means that our Customer Success team, along with the Engineers that assist them in their work are prepared to help you in any matters involving your personal data, in addition to providing the awesome customer support experience that you are accustomed to.