What is GDPR?

This page is prepared to help Scrintals' users understand, and where applicable, comply with the General Data Protection Regulation (“GDPR”). The GDPR is a significant change to European data privacy legislation and is in effect since May 15, 2018.

The GDPR's primary aim is to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

GDPR’s security and data privacy foundational principles are taken into consideration in every action we take at Scrintal, as an EU based company. Scrintal recognizes the importance of complying with GDPR to advance information security and data privacy of our users.

GDPR compliance

Below we present several GDPR compliant initiatives we have implemented across our Services:

  • Investment in security – Scrintal invests in security and third party security companies provide regular checks. 
  • Terms of Use – Our terms of use clearly communicates the measures we take to protect our users’ content, confidentiality, and privacy. 
  • Privacy policy updates – Our Privacy policy is prepared with the GDPR guidelines in mind and documents responsibilities of Scrintal as a data controller and how we protect personal data.  
  • Data Processing Agreement – We have prepared a Data Processing Agreement in accordance with Article 28 GDPR. We sign this data processing agreement with each user before any audio or video is uploaded. 
  • Data sub-processors – We list all of our third-party data sub-processors in our privacy policy and share information on what we use them for and where they are located.

Our security

Security is our top priority. Scrintal processes sensitive and confidential audio and video files every day. We have built security into Scrintal’s every layer of the architecture where applicable.

Our website and tool infrastructure are designed to ensure the safety of your data. We have chosen to use the industry-standard HTTPS (using TLS 1.2) for secure data upload, export and transfer. Scrintal uses data centers by Amazon Web Services (AWS) which offers the highest levels of physical and infrastructure security, certified with ISO 9001, ISO 27001, ISO 27017 and ISO 27018.

Read more about our Security practices.

Data Storage in the European Economic Area (EEA)

We offer our users a robust data privacy, control and security framework as a part of our Data Processing Agreement (“DPA”).  This document ensures that users can lawfully permit Scrintal to process the audio and video they upload, as Scrintal abides by the GDPR by ensuring the security of information and storage within the European Economic Area. Our DPA also includes specific provisions to assist users in their compliance with the GDPR.


Data Transfer

You can read our blog post on the invalidation of the EU-US Privacy Shield regime and its implications for researchers


Scrintal's Obligations as a Data Controller

Under the GDPR, you have various rights including the following in relation to your personal data. 

Right of Information and Access

You have the right to obtain from us confirmation as to whether your personal data are being processed, and, where that is the case, access to such personal data.

Right to be forgotten

We will block access to your data if you delete your account on our platform. If you wish to completely remove it from our servers, just contact us and we will delete it as soon as possible.

Right to rectification

We will use reasonable endeavors to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by sending us a request to rectify your personal data where you believe the personal data we have is inaccurate or incomplete.

Right to restriction of processing

You have the right to ask us to restrict the processing of your personal data at any time.

Right to object

You have the right to object at any time to the processing of your personal data when the processing is based on a legitimate interest (unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to such processing.

Right to data portability

You have the right to request that we provide you with a copy of all of your personal data and to transmit your personal data to another data controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so.

Right to withdraw consent

You have the right to change your mind and withdraw a previously given consent.

Privacy and consent

Your privacy is important to us, and so is being transparent about how we collect, use, and share your information. In our Privacy Policy, we share what information we collect, how we use and store that data, and how you can access and control your information.

If you want to learn more about your personal rights in line with the GDPR legislation, you can read our privacy policy to learn more.

Additional resources

The following resources might prove useful:

Contact us

If you have any questions or wish to exercise your personal rights, please email us at security@scrintal.com.