Sched takes data privacy and security very seriously. With GDPR set to take effect on May 25, 2018, we have updated our data privacy program so that we, and our Organizers, are comfortable that we will meet the new requirements. Here are a few highlights.
What is GDPR?
The General Data Protection Regulation (GDPR) is a new European Union (EU) privacy law that went into effect on May 25, 2018. The GDPR mandates how companies collect, store, delete, modify and otherwise process personal data of EU residents.
Does GDPR apply to me?
The GDPR, and similar legislation in Europe protects the personal data of people who live in the EU or Switzerland.
What Sched is doing to prepare
At Sched, we’ve been reviewing and updating our internal data processes and systems to make sure we’re compliant with the GDPR. These updates include:
- Complete: Improved attendee privacy controls
- Ability to delete your own account
- Ability to request an archive of your data
- Ability to unsubscribe from automated emails (daily schedule/survey reminders) and manual emails (announcements from event organizers)
Because Sched and its servers are located in the United States, we necessarily transfer any data that is collected from the EU or Switzerland to the United States for processing and storage. In order to provide appropriate safeguards regarding such transfers, we are in the process of obtaining certification with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from the EU and Switzerland to the applicable Principles of the Privacy Shield Frameworks. To learn more about the Privacy Shield Frameworks, visit https://www.privacyshield.gov.
As a processor of personal data on behalf of some of our customers, we’ll be releasing a Data Processing Agreement to allow our customers to continue to lawfully transfer EU and Swiss personal data to Sched when the GDPR goes into effect.
We’re committed to achieving compliance with the GDPR, and we want to help our organizers do the same.
Data subjects’ ownership of their personal data is at the core of the GDPR. Under the new GDPR ruling, the data subject (you), has a right a right to data portability. In other words, you have a right to export your personal data from Sched.
To request an export of your personal data, please email email@example.com with the subject line “GDPR Export”.
Sched will adhere to any user’s request to delete their personal data.
As a result, there may be a time when your Sched event’s control panel will show anonymized personal data for a particular attendee. Similarly, if Sched removes personal data on its own in accordance with our internal data retention policy, anonymized personal data for a particular attendee within the dashboard will also appear.
Should one of your attendees ask you directly to have Sched remove their personal data from our system, please forward the request to us at firstname.lastname@example.org. Our Customer Success team may reach out to the user directly to confirm the request.
You can delete your Sched account as follows:
- Delete your own account
- Email email@example.com to request we delete your account
We have created a readiness to respond to data subjects’ requests to delete, modify, or transfer their data. This means that our Customer Success team, along with the Engineers that assist them in their work are prepared to help you in any matters involving your personal data, in addition to providing the awesome customer support experience that you are accustomed to.