EU General Data Protection Regulation (“GDPR”) Compliance Statement
Our Commitment
At Displayr data security is a priority for us and, as such, compliance with the GDPR is necessary to maintain our firm commitment to the protection and safeguarding of the personal data that we collect and process. In order to be GDPR compliant, we have reviewed and updated, where necessary, all our data protection processes, policies and controls.
There are two categories of personal data that Displayr may have access to and our responsibilities with respect to each are different:
- Personal data that is part of Displayr or Q user accounts
- Personal data in data sources uploaded to Displayr or Q (i.e. your data)
1. Personal Data that is part of Displayr or Q user accounts
In accordance with Article 13 of the GDPR, we must be transparent as to the purpose and use of the data collected, as well as provide details as to which third parties will be in contact with this data. As outlined in our privacy policy and terms of use, collecting personal data is a contractual requirement in order to comply with our legal obligations and enable us to perform our duties as a business. We are required by law to keep this data according to our confidentiality agreements and applicable taxation laws.
The personal data we collect is covered under ‘legitimate interest’ in Article 6 (f) as necessary in order to provide customers with our systems and offers and keep the business operating smoothly on a day-by-day basis.
Data Subject Rights
If individuals choose to enforce their data protection rights, we allow, as per Articles 12 to 23, their rights to request access to, amend, delete and restrict personal data from being processed, as well as lodge a complaint.
2. Personal data in data sources
Data which you upload or connect to Displayr or Q may contain personal data subject to GDPR and you are responsible for identifying this within your own data source.
You may export data from Displayr or Q (such as in a QPack, PowerPoint file, PDF or CSV file) and this export may contain personal data to the extent personal data is included in the data sources.
For Displayr and Q, you are the controller of personal data in your data sources and this means that you have certain responsibilities with respect to GDPR. These will include identifying personal data, keeping it secure, governing its use and facilitating the rights of data subjects.
For Displayr and Q, we are the processor of this personal data. Our terms of business state that we will comply with the GDPR requirements for data processors (https://www.displayr.com/terms-of-use/ and https://www.qresearchsoftware.com/license-terms)
Q is installed locally behind your own firewall and your data is not automatically transmitted to us. Our teams also do not have any built in connection to your software that would enable them to access your data. Where R calculations are performed with Q, your data, which may include personal data, may be sent to our R servers. There is no storage or backup of this data.
We currently have servers in the US, Canada, Western Europe, South-East Asia and Australia. For Displayr we do not guarantee on which server your data will be stored. If you require this guarantee you should speak to your Displayr contact. We have incorporated standard contractual clauses into our terms of business as required for our EU and UK customers.
Subprocessors
Displayr currently uses the following subprocessors to process personal data in the provision of software services:
| Subprocessor | Entity Country | Purpose | Products |
| Amazon Web Services | US | Data hosting facilities | Displayr |
| Microsoft | US | Data hosting facilities (Azure) Email and data storage for limited support requests (Microsoft Office) | Displayr, Q |
| Filestack | US | File Upload | Displayr |
| Zendesk | US | Customer support | Displayr, Q |
| US | Language translation features | Displayr, Q |
Displayr currently uses the following affiliates (see entity and country of registration below) to process personal data, and may be acting as subprocessors in the delivery of the software services and associated support services:
| Displayr Australia Pty Ltd | Australia |
| Numbers International LLC | US |
| Displayr Inc | US |
| Displayr New Zealand Limited Partnership | New Zealand |
| Q Research Software Limited | UK |
Customer Requirements
We further require our customers to comply with our stringent data protection policies and only upload personal data for legitimate and necessary reasons whilst still conforming to minimisation rules if data cannot be made anonymous.
Questions
If you have any questions about this document and/or GDPR compliance, please contact us at:
Displayr
https://www.displayr.com
[email protected]
This document was last updated on July 10, 2024
