GDPR

Snappic is ready for the GDPR (General Data Protection Regulation)

Snappic has always been built with a strong commitment to privacy, security, and protecting personal data.

We fully support our users in complying with the General Data Protection Regulation (GDPR or (EU) 2016/679), which came into force on May 25, 2018. The GDPR replaces the previous EU Data Protection Directive (Directive 95/46/EC).

Please note that this page is provided as a resource to understand the scope of the GDPR in relation to using Snappic. It does not constitute legal advice, representations, or warranties of Snappic and we are not responsible for any reliance on the information below. We encourage you to seek professional legal advice if you have questions about how the GDPR may affect your organization and procedures.

The GDPR protects personal data of individuals. Personal data is any information relating to an identified or identifiable individual.

The GDPR regulates two types of persons that process personal data:

  1. Controllers are persons that determine the purpose and means of processing of personal data.
  2. Processors are persons who process personal data on behalf of data controllers.

Controllers are primarily responsible for compliance with the GDPR, including in relation to personal data processed by their processors. Processors have some of their own obligations, including implementing appropriate technical and organisational security measures that meet the requirements of the GDPR.

For purposes of the GDPR, Snappic is a processor, and Snappic users (e.g. event professionals) are the controllers in respect of personal data of event attendees collected through the Snappic app.

We believe that all Snappic services (which can be found on our pricing page) can be used in compliance with the GDPR.

As a processor, we've taken various initiatives to ensure Snappic's compliance with the GDPR's requirements (to the extent applicable) with respect to the scope of services stated in our Privacy Policy and EULA. These include implementing:

  1. appropriate technical and organizational measures to secure personal data processed through Snappic; and
  2. policies and procedures to notify Snappic users without undue delay after becoming aware of a personal data breach, so that the users can comply with their own data breach notification obligations.

We have also taken initiatives to assist Snappic users (e.g. event professionals) to comply with their own obligations as controllers under the GDPR, such as:

  • revising our EULA (see the section on "Data Processing Agreement" below) and Privacy Policy;
  • implementing policies and procedures to assist users to respond in a timely manner to data subject requests for access, rectification, erasure and retrieval of personal data which is being processed by Snappic;
  • providing tools to assist our users to:
      • obtain consent from guests to process their personal data where required by the GDPR (including for marketing purposes); and
      • display information to guests about the handling of their personal data.

See the section on "Tools to assist our users" below.

Note, however, that adherence to the GDPR requirements in your function as a controller is your own responsibility.

Data security is a core concern in all parts of our systems, infrastructure and processes.

From a technical perspective, all our servers are firewalled and kept updated with the latest security patches.

Snappic is a South African incorporated company (Registration number 2015/440326/07), located in Johannesburg.

All data on Snappic's systems is processed and stored in the United States.

One of the central themes of the GDPR is openness, including around who is processing personal data and for what purposes.

We enable you to do this by creating a privacy statement. We recommend that you do this, as not doing so places you at risk of non-compliance with the GDPR.

You can use the wording below. We also recommend that you disclose who is processing the personal data (i.e. Three Commas, the provider of Snappic).

Disclaimer (Privacy statement)

This can be found under Event Options > Advanced.

We have procured this app from Three Commas Proprietary Limited. It enables you to take photos and link them to this event. You can also choose to share your photos on social media. When you take photos with this app, Three Commas collects and stores your personal data on behalf of the organiser of this event. If you would like to know more about how your personal data is handled, or find out more, please contact us directly at [enter your company details].

If you are using AVA (advanced vision analytics), you must include the following statement in your Disclaimer (Privacy statement):

We process aggregated information gathered from photos taken using Snappic (for example, the number of people in a photograph, their age range and gender) for [insert description of purpose]. This does not include your personal data.

Please see the FaceMatch article for more information on what to do with FaceMatch.

In certain instances, you may need to obtain consent to process personal data. Our Data capture feature has the ability to add fields that a user must physically tick/check (i.e. accept). To ensure GDPR compliance by the user (e.g. event professional), this option should be used. If a guest does not tick/check to accept these terms, then their data must not be distributed or used by you or any other third party, and that data must be deleted.

You can use the following wording:

Data capture

Title: GDPR

Description: (General Data Protection Regulation)

Checkbox: DO YOU WANT TO RECEIVE COMMUNICATIONS FROM [Company]? If you enable this, this means that you consent to the use of the contact details you provide for [Company] to send you information about its products and services. You can opt-out at any time.

*Please note that this checkbox field must not be a required field to comply with GDPR.

The processing activities conducted by a processor (like Snappic) on behalf of a controller (Snappic users e.g. event professionals) must be governed by a written contract, or other binding legal act, which complies with the GDPR. Our End User License Agreement (EULA) is this contract. All users (e.g. event professionals) must digitally accept the terms of the EULA in order to use the Snappic app/backend portal. Changes to the EULA will be displayed to you via a message on your Snappic dashboard – see example below. We will notify users of changes to our privacy policy in the same way.

Please note that for fully white-labelled accounts making use of sub-accounts, it is the account holder's responsibility to ensure that it has any necessary relevant agreements in place with their sub-account holders.

We believe that all Snappic services (which can be found on our pricing page) can be used in compliance with the GDPR.

Snappic takes active measures to support users in protecting personal data and continues to build features and services in line with data protection and information security laws and our focus on strong security and privacy measures.

However, adherence to the GDPR requirements in your function as a controller is your own responsibility.