GDPR-Compliance

Sarcon &
GDPR

We at Sarcon take data privacy seriously.

On this page, you will find details of our initiatives and methods to ensure compliance with GDPR for ourselves and for our customers.

Overview of GDPR and Sarcon

What do I need to know when talking GDPR?

What do I need to know when talking GDPR?

The Data Controller GDPR Definition: The term “data controller” means a person or entity that (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed. What does it mean? The Data Controller is you – the Sarcon customer or the event organizer. Whether you are a corporation, event organizer, or an association, etc., you own the data and the responsibility of your customers’ data, regardless of the technology you use to handle it. The Data Processor GDPR Definition: The term “data processor”, in relation to personal data, means any person (other than an employee of the data controller) or entity that processes personal data on behalf of the data controller.“Processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including—collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. What does it mean? The data processor is Sarcon. While both parties must align on compliance, the burden of compliance rests with the controller. To manage this burden, the data controller is responsible for building procedures with their data processor to ensure compliance.The role of the processor is to assist the controller in this regard, as a controller will often have a GDPR compliance process that involves multiple data processors.

Where is user data stored?

We treat all personal data that we collect and process with utmost care. Virtually all user data is hosted on Google Cloud, Google Clouds data centers follow the highest security and privacy standards and are GDPR compliant (Find Google Clouds GDPR policy here). Some of the event data is stored on AWS and Digital Ocean. AWS & Digital Ocean are also GDPR compliant . Clients can upload their event data directly into the CMS from their computer. If they need assistance from one of our project managers and send us sensitive event data, we secure these files in GoogleDrive folders, that can only be accessed by relevant team members.

Posters Presentation :

Experts in the field of medicine can effectively present their academic papers and posters.

Allows event attendees to interact with the authors of the posters via text chat, or video conferencing.

Poster presentation

Certificate Module

Your organization can save 2x more with our integrated certificate modules.

Easily generate and personalize the certificates for attendees.

Certificate Module

Feature-rich Multi-track Auditoriums:

Run multi-track auditoriums for large complex events where organizers can have multiple sessions running in parallel.

Engage the audience with group chat, QnA, polling, and surveys.

CME Conference - Multitrack Auditorium for virtual Conference (Medical Conference)

Virtual Photo Booth

Increase the social media engagement with the most visited area of an event with almost 70% visitor traffic.

With deep insights powered by precision analytics, increase traffic and momentum to sell more.

Posters Presentation :

Experts in the field of medicine can effectively present their academic papers and posters.

Allows event attendees to interact with the authors of the posters via text chat, or video conferencing.

Poster presentation

Certificate Module

Your organization can save 2x more with our integrated certificate modules.

Easily generate and personalize the certificates for attendees.

Certificate Module

Feature-rich Multi-track Auditoriums:

Run multi-track auditoriums for large complex events where organizers can have multiple sessions running in parallel.

Engage the audience with group chat, QnA, polling, and surveys.

CME Conference - Multitrack Auditorium for virtual Conference (Medical Conference)

Virtual Photo Booth

Increase the social media engagement with the most visited area of an event with almost 70% visitor traffic.

With deep insights powered by precision analytics, increase traffic and momentum to sell more.

What is your personally identifiable information (PII) removal process like?

To comply with the GDPR requirements pertaining to personally identifiable information (PII) removal, Sarcon has developed processes and internal tooling to accommodate requests. Data Removal Process All GDPR customer requests will be executed within 30 days of receipt. If the individual requests that their data be purged and that data was also shared with third parties (ex. Exhibitors), then Sarcon will inform the event Organizer to notify those companies of the deletion request. Steps to take for data removal requests 1) User must contact Sarcon at its privacy support email (email available in the Contact section) 2) The request email must be sent from the email id used to login/register to our products (in order to establish identity)     It is important that this request is done by the user itself and is not forwarded by third parties like the event organizers. 3) Email subject: PII removal request 4) Mention the user email and name of the user to be deleted along with the product(Virtual Event Platform, Mobile app, Online Registration) and event name (mention date of event). Removal process 1) In the event that the user data is found on our servers and we have established the requester`s identity the data would be erased in 30 days.

What is your procedure for reporting data breaches?

Our top priority is to keep your data secure. Detecting data breaches is important, yet complicated because they can only be detected after they have happened. We are constantly working on improving our security processes and making them even more precise. When a data breach is detected, we will always be transparent about it to all our clients and users and report the incident within 72 hours to the authorities.

What do I need to know when talking GDPR?

The Data Controller GDPR Definition: The term “data controller” means a person or entity that (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed. What does it mean? The Data Controller is you – the Sarcon customer or the event organizer. Whether you are a corporation, event organizer, or an association, etc., you own the data and the responsibility of your customers’ data, regardless of the technology you use to handle it. The Data Processor GDPR Definition: The term “data processor”, in relation to personal data, means any person (other than an employee of the data controller) or entity that processes personal data on behalf of the data controller.“Processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including—collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. What does it mean? The data processor is Sarcon. While both parties must align on compliance, the burden of compliance rests with the controller. To manage this burden, the data controller is responsible for building procedures with their data processor to ensure compliance.The role of the processor is to assist the controller in this regard, as a controller will often have a GDPR compliance process that involves multiple data processors.

Where is user data stored?

We treat all personal data that we collect and process with utmost care. Virtually all user data is hosted on Google Cloud, Google Clouds data centers follow the highest security and privacy standards and are GDPR compliant (Find Google Clouds GDPR policy here). Some of the event data is stored on AWS and Digital Ocean. AWS & Digital Ocean are also GDPR compliant . Clients can upload their event data directly into the CMS from their computer. If they need assistance from one of our project managers and send us sensitive event data, we secure these files in GoogleDrive folders, that can only be accessed by relevant team members.

What is your personally identifiable information (PII) removal process like?

To comply with the GDPR requirements pertaining to personally identifiable information (PII) removal, Sarcon has developed processes and internal tooling to accommodate requests. Data Removal Process All GDPR customer requests will be executed within 30 days of receipt. If the individual requests that their data be purged and that data was also shared with third parties (ex. Exhibitors), then Sarcon will inform the event Organizer to notify those companies of the deletion request. Steps to take for data removal requests 1) User must contact Sarcon at its privacy support email (email available in the Contact section) 2) The request email must be sent from the email id used to login/register to our products (in order to establish identity)     It is important that this request is done by the user itself and is not forwarded by third parties like the event organizers. 3) Email subject: PII removal request 4) Mention the user email and name of the user to be deleted along with the product(Virtual Event Platform, Mobile app, Online Registration) and event name (mention date of event). Removal process 1) In the event that the user data is found on our servers and we have established the requester`s identity the data would be erased in 30 days.

What is your procedure for reporting data breaches?

Our top priority is to keep your data secure. Detecting data breaches is important, yet complicated because they can only be detected after they have happened. We are constantly working on improving our security processes and making them even more precise. When a data breach is detected, we will always be transparent about it to all our clients and users and report the incident within 72 hours to the authorities.

Your search for the ultimate events platform ends here

Join forces with 

 to make your next event an unforgettable success.

Schedule Free Demo

Copyrights @ 2022, Sarcon.

Privacy Policy  Terms of Service