Expert Advice Community

Guest

GDPR intermediary

  Quote
Guest
Guest user Created:   Jul 04, 2022 Last commented:   Jul 10, 2022

GDPR intermediary

Hello. I have a question about Calendly type tools. These tools are intermediary software to make it possible to schedule an hour/a consultation of a client with a professional). The client reserves an hour through calendly leaving their name, email and other data. Calendly sends this data to the professional, but logically, it also saves it for its own reservation management. In this case, should calendly request express authorization from the client to store this data in its databases? Or should the professional be in charge of putting the fact that they share the data with calendly in their privacy policy?
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Tudor Galos Jul 10, 2022

The professional, when using third party tools, acts as a Data Controller and must make sure that it understands the fact that it needs to respect the relevant data protection legislation. If this legislation is GDPR, the professional must understand Calendly’s Terms and Conditions and determine whether Calendly is a Data Processor or a Data Controller, by assessing it’s level of autonomy in establishing the scope and means of personal data processing. Once the role is established, the professional needs to sign either a Data Processing Agreement, as requested by article 28 GDPR - Processor, a joint controller agreement as requested by article 26 GDPR – Joint controllers, or a controller to controller data processing agreement. Also it should establish if the consent is the best legal ground for processing, or other legal grounds for processing should be established, per article 6 GDPR – Lawfulness of processing.

 

More details here:

  • article 6 GDPR – Lawfulness of processing: https://advisera.com/eugdpracademy/gdpr/lawfulness-of-processing/
  • article 26 GDPR – Joint controllers: https://advisera.com/eugdpracademy/gdpr/joint-controllers/
  • article 28 GDPR – Processor: https://advisera.com/eugdpracademy/gdpr/processor/
  • EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
Tudor Galos
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 04, 2022

Jul 10, 2022

Suggested Topics

simmal Created:   20h ago EU GDPR
Replies: 0
0 0

GDPR Scope and applicability

Guest user Created:   Jun 30, 2022 EU GDPR
Replies: 1
0 0

Laboratory space