Expert Advice Community

Guest

GDPR intermediary

  Quote
Guest
Guest user Created:   Jul 04, 2022 Last commented:   Jul 10, 2022

GDPR intermediary

Hello. I have a question about Calendly type tools. These tools are intermediary software to make it possible to schedule an hour/a consultation of a client with a professional). The client reserves an hour through calendly leaving their name, email and other data. Calendly sends this data to the professional, but logically, it also saves it for its own reservation management. In this case, should calendly request express authorization from the client to store this data in its databases? Or should the professional be in charge of putting the fact that they share the data with calendly in their privacy policy?
0 0

Assign topic to the user

EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Tudor Galos Jul 10, 2022

The professional, when using third-party tools, acts as a Data Controller and must make sure that it understands the fact that it needs to respect the relevant data protection legislation. If this legislation is GDPR, the professional must understand Calendly’s Terms and Conditions and determine whether Calendly is a Data Processor or a Data Controller, by assessing it’s level of autonomy in establishing the scope and means of personal data processing. Once the role is established, the professional needs to sign either a Data Processing Agreement, as requested by article 28 GDPR - Processor, a joint controller agreement as requested by article 26 GDPR – Joint controllers, or a controller to controller data processing agreement. Also, it should establish if the consent is the best legal ground for processing, or other legal grounds for processing should be established, per article 6 GDPR – Lawfulness of processing.

More details here:

Tudor Galos
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 04, 2022

Jul 10, 2022

Suggested Topics

Guest user Created:   Jun 28, 2021 EU GDPR
Replies: 1
0 0

Recruitment

Guest user Created:   Aug 06, 2023 EU GDPR
Replies: 1
0 0

Do we need VPN to comply with GDPR?

Guest user Created:   Jul 12, 2023 EU GDPR
Replies: 1
0 0

Business Continuity Plan and GDPR