GDPR

How and why Indigo Forward processes personal data and how we comply with the new EU regulation effective from May 25th 2018.

Why does Indigo Forward gather and hold data in the first place? What is its purpose?

Indigo Forward develops and offers a cloud based streaming, recording and online video platform. Hence Indigo Forward is acting as a data processor.

All of Indigo Forward’s clients own their media and data and are also responsible for it.

One of the core features in the Indigo Forward cloud platform is to upload, store and manage video content together with other data content. This is to offer a user friendly solution to manage large volumes of data with the purpose of enabling communication inside and outside of an organization. For Indigo Forward to do this we need to store personal data such as email, login details, country and region of users and viewers and of course video content containing people and personal data.

In normal use, our servers need to handle some potentially Personal Data to provide satisfactory operation. This is contained in the configuration data, history database, and log files.

Configuration data can include such things as VMR names, endpoint or telephone numbers for automatic dial out and email addresses for configuration reminders. Configuration data is required in order for the servers to operate correctly.

Whilst operating, our servers log significant events for security and service diagnostic purposes. These log files could contain information such as VMR names, end point identifiers and telephone numbers, IP addresses to which connections were placed or from which they were received.

Both history data and log data is required for administrators to verify the correct operation of the system and to diagnose reported issues.

Upon what legal basis are you justifying holding that data? Consent or legal requirements?

Indigo Forward are holding, storing and processing data for our clients and we do this with consent from the client. All users logging into the platform from May 2018 will have to give their consent and the consent will be documented in our platform database.

Who has access to that data?

In Indigo Forward there are several different levels of security and data classification.

Depending of the security level and need of the client different access rights are given to the data. Standard security level means that End user has to give consent for a Indigo Forward or Indigo Forward reseller Support Representative to access the End user account and End user data. All access and changes done in the system is logged and can be extracted for further analysis.

How is Indigo Forward protecting data from breaches?

Indigo Forward have built the infrastructure and the software system based on high security standards. Indigo Forward has a complex server and infrastructure setup with only chosen senior developers with access to the server structure. The data in Indigo Forward’s server infrastructure is protected by firewalls against DDoS attacks and has redundant backups, electricity and internet connections.

The Indigo Forward services and platform has full functionality to tag and index video material with metadata to offer a GDPR proof platform where end users and clients can organize their content accordingly.

What data does Indigo Forward store?

Indigo Forward stores video recordings and video media together with metadata for our clients and partners.

Data from viewers that is collected and stored is data such as IP addresses, email addresses, geographical data, screen size, operating system, browser. Data stored about end users and administrators is username, email address and preferred language.

Our platform management server will store a record of successful calls in the system in its History database. This will also contain information such as VMR names, end point identifiers and telephone numbers, IP addresses to which connections were placed or from which they were received.

When system snapshots are taken they will contain database, log, and configuration files. They potentially contain Personal Data and are treated accordingly.

Third parties

Indigo Forward will not share any data to a third party and Indigo Forward will not store any data after a contract with a client is finished or after an end user have deleted their account.

Where is the data stored?

All our data is stored and contained within the EU in different data centers. Depending on which region the client is based and, on the clients, demands the data will be stored in chosen or recommended region.

How to get your personal data exported and/or deleted

With GDPR every person owns their own personal data. To get your personal data exported and/or deleted you have to contact your Indigo Forward partner, reseller or with Indigo Forward support at support@indigoforward.com

What is Indigo Forward’s data deletion routine?

When data is deleted in Indigo Forward it follows a strict routine and it first gets deleted from the Indigo Forward application database. After 24 hours data gets deleted from the main database first backup, after one week data gets deleted from the weekly backup and after one month the data is completely deleted in Indigo Forward.

Deleted data before the last monthly backup can be restored and the data-restore work will be billed hourly.

For any further questions about Indigo Forward and our data compliance please contact us at support@indigoforward.com