Digication Compliance With The General Data Protection Regulation (GDPR)
1. Introduction to this Privacy Notice
The GDPR is a comprehensive European Union (EU) data privacy law. Along with standardizing user data privacy across the EU member states, the GDPR places requirements on some organizations that handle EU residents' personal data, regardless of where the organizations are located.
While using Digication, personal information you or your organization (if your account is being administered and controlled under an Enterprise subscription) has provided will be hosted on our platform and shared with us. Upon registration or first login with Digication, you will be required to acknowledge receiving this Privacy Notice before you can access Digication.
Digication provides the additional information below to inform you of your rights and our practices and responsibilities in processing your personal data under the GDPR. This Privacy Notice only applies when (a) you are based in the EU and (b) you are a user of Digication.
2. Data Controller and Data Processor
Under the GDPR, Digication acts as both a data controller and a data processor, depending on the context:
- Data Controller: Digication acts as a data controller for the personal information we collect directly from you when you create an account, such as your name, email address, and login credentials.
- Data Processor: Digication acts as a data processor for the content you create and upload to our platform. In this case, your educational institution or organization is typically the data controller.
3. Legal Basis for Processing
Under the GDPR, we must have a legal basis for processing your personal data. We process your personal data on the following legal grounds:
- Contractual Necessity: Processing is necessary for the performance of our contract with you or your institution to provide our services.
- Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services, ensuring security, and communicating with users, provided these interests are not overridden by your rights and freedoms.
- Consent: In some cases, we may process your data based on your explicit consent, which you can withdraw at any time.
- Legal Obligation: Processing may be necessary to comply with a legal obligation to which we are subject.
4. Your Rights Under GDPR
The GDPR provides you with several rights regarding your personal data, including:
- Right to Access: You have the right to request a copy of the personal data we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure (Right to be Forgotten): In certain circumstances, you have the right to request that we delete your personal data.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
- Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
- Right Not to be Subject to Automated Decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
5. Data Protection Measures
Digication implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data during transmission and at rest
- Regular testing and evaluation of the effectiveness of security measures
- Procedures for ensuring the ongoing confidentiality, integrity, and availability of processing systems
- Procedures for restoring access to personal data in a timely manner in the event of a physical or technical incident
- Regular staff training on data protection and security
6. International Data Transfers
Digication is based in the United States and processes data on servers located in the United States. When transferring personal data from the EU to the United States, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to third countries
- Data Processing Agreements with our sub-processors that include the appropriate safeguards required by GDPR
7. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, Digication will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, Digication will also notify you without undue delay.
8. Data Protection Officer
Digication has appointed a Data Protection Officer (DPO) who is responsible for overseeing our GDPR compliance efforts. You can contact our DPO at:
Data Protection Officer
Digication, Inc.
10 Dorrance Street, Suite 700
Providence, RI 02903
Email: dpo@digication.com
9. How to Exercise Your Rights
To exercise any of your rights under the GDPR, please contact us at privacy@digication.com. We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.
10. Complaints
If you have a concern about our privacy practices, including the way we handle your personal data, you can contact us at privacy@digication.com. You also have the right to lodge a complaint with the data protection authority in the EU member state where you reside, work, or where an alleged infringement of the GDPR has occurred.
Last updated: January 1, 2024