Everybody has been talking about GDPR lately, it almost feels like doomsday. You have almost certainly received an email (or multiple emails) from different web service providers informing you about their privacy and terms of service updates, right? It all has to do with GDPR coming into effect very soon. In this post we’ll give an overview of the impact GDPR will have on remote desktop services.
Why did GDPR happen?
The General Data Protection Regulation will replace the EU’s Data Protection Directive, which went into effect in 1995, well before the internet became the online business hub that it is today. In the meantime, data has become the oil of the 21st century and the public concern over privacy on the internet has grown significantly with each new high-profile data breach. The EU’s response to data privacy concern was GDPR, which standardises data protection law across all 28 EU countries by setting new rules designed to give EU citizens more control over their personal data and to clarify exactly what companies that process personal data must do to safeguard people’s rights.
How ISL Online uses your data?
ISL Online is a pioneer in the remote desktop industry and the main purpose of ISL Online’s software is to allow IT professionals and helpdesk technicians to establish remote desktop sessions over the Internet for their business purposes, i.e. to provide technical support to their customers remotely or to access unattended remote computers.
Let’s go through the different steps of ISL Online-client interaction to give you a better insight into what personal data you share with us at different stages. Before we proceed, it’s worth emphasising our fundamental principles in regards to data protection:
- We do not sell data.
- We do not share data unless compelled by the law.
- We do not ask for personal information unless it’s needed to provide our service.
- We don’t store personal information unless required for the on-going operation of our service.
What data ISL Online collects?
… when you visit our website
When you visit our website, we collect a limited scope of personal data transmitted to us by your browser. This enables you to access our website and helps us create the best user experience for you. The data transmitted by your browser includes your personal data (IP address) and metadata such as timestamp, technology used (operating system, browser, network etc.), referrals (website from which the request comes), language and the country of origin.
Our website also contains cookies – small text files that are placed on your computer upon your visit. Cookies are widely used in order to make websites work or work more efficiently. Please refer to our cookies policy for details.
… when you start a free trial
If you decide to sign up for a free trial of the ISL Online software, you will only be required to provide your email address. Later on, you can update your profile by adding your full name and other personal information, but it is not necessary.
When you register for a free trial, your account will be activated for the use of the product. Upon the registration and all subsequent successful login attempts we will collect your IP and MAC addresses due to auditing and licensing reasons.
According to your country of origin and the cookie information, your account information may only be processed by the ISL Online Headquarters, our subsidiaries or Authorised Partners who have signed information-sharing agreements with us. These processors have access to the personal data needed only to perform their customer care functions related to ISL Online’s products and services and may not use it for any other purpose.
In your ISL Online account you can modify your personal data at any time.
… when you offer remote support or access remote computers through ISL Online
Once logged into your account, ISL Online allows you to establish a remote desktop session with a remote computer or a mobile device. The session may include different services such as text-chat, screen sharing, video call and file transfer.
All remote desktop sessions are encrypted using symmetrical AES 256-bit keys. A secure SSL end-to-end tunnel is established between a local and a remote computer or device. This means that even the ISL Online servers cannot decrypt the content of the sessions but only transfer packets from one side to another. Thus, we do not collect any personal data transmitted during remote desktop sessions.
However, we do collect and store metadata of remote desktop sessions. This is needed for the legitimate purpose of enabling access to the ISL Online products and services explicitly requested by you. The list of metadata stored on ISL Online’s servers may include your personal data:
- Email address
- IP address
- MAC address
A detailed list of basic session parameters (metadata) is available in our Security Statement. The collection, encrypted transfer and storage of this data on the encrypted disks is managed according to the ISO/IEC 27001:2013 information security standards.
… when you send a text message
ISL Online offers optional features which some of our clients decide to enable in order to enhance their remote desktop sessions:
- A live-chat solution which allows instant text messaging
- End-of-Session dialogs, which pop up to operators or clients once the remote desktop session is finished for the purpose of collecting the users’ feedback.
- Integration into third-party solutions such as service desk or ticketing products, CRMs, ERPs and other enterprise systems.
Once you enable one or more of these features, this might result in collecting text messages (the transcript of the chat between the operator and the client) related to a remote desktop session and storing this data on ISL Online servers beside the metadata. Chat transcripts are available to operators and administrators of the respective organisations. We advise you not to enter any sensitive or personal information into a chat window.
In the case of the integration of ISL Online software into third-party solutions, the chat transcript may be transferred to service desk or ticketing products, CRMs, ERPs or other enterprise systems. We do not control the personal data collected and managed by these enterprise systems. We recommend that you check privacy and data sharing policies of these companies.
… when you get an automatic email notification or a newsletter
We use internal systems to deliver important system messages and news about the ISL Online products and services to you. Once you sign up for the ISL Online software, we advise you to subscribe to the:
- Automatic Email Notifications (AEN): These are automatic notifications related to your ISL Online account status. For example, our systems will automatically send a message to your email address to notify you when your license expires.
- Newsletters: Approximately once a month, we send out a newsletter to notify you about important product or service enhancements, security announcements or other information we consider relevant to our users.
When you subscribe to Automatic Email Notifications or Newsletters, we will send out emails to the email address specified in your account. You are able to change your subscription preference at any time (Log into My Account > My Profile > Change Subscription).
If at some point you decide that you don’t want to receive our emails anymore, you can withdraw your consent and we will stop sending you newsletters and notifications.
… when you buy an ISL Online license
When an organisation decides to purchase the ISL Online license, this license is assigned to a specific ISL Online account. These accounts are normally managed by Administrators (license owners). During the purchasing process we will collect information needed for billing and order processing purposes, which may include your personal data such as your name, company’s name and address, email address, and telephone number. We will keep purchase orders and invoice records as long as requested by tax authorities. Please refer to the terms of service for details.
You are always able to review and change your personal data or your preferred point of contact.
… when you like or share our content through social media
Our official websites feature social media plugins like Facebook, Twitter and LinkedIn to enable you to share information with others. If you are logged into a social media site while visiting our website, social media widgets might collect your IP address, follow your activity on our website and share this information with third parties. We do not control any of the content from the social media plugins. To see how your interactions with these features are governed you should read the privacy statement of the companies that provide them.
… when you visit our blog
We own a blog (the one you’re reading right now:)), where we publish a lot of interesting content and useful tips and tricks about remote support and remote access. The blog is hosted at WordPress.com which offers features like »Subscribe to blog« and »Reply to a blog post«. We do not control the personal data collected and managed by these blog features. If you wish to use these features and have any concerns we recommend that you look for WordPress privacy and data sharing policies.
… when, in the rarest of cases, you decide to quit ISL Online services
In case you no longer need our products and services, you have the right to ask us for the removal of your personal data. In such case, we will remove your personal data from our databases where such removal is possible from the legal and technical perspective.
At ISL Online we believe that the EU’s General Data Protection Regulation is an important milestone in the data privacy landscape. After all, higher data protection standards benefit everybody.
Understanding and adhering to GDPR is a challenge, but we have been intensively preparing to meet the GDPR requirements since April 2017. Thus, we do not expect any significant impact to our business processes once GDPR comes into effect. We will continue to provide our users a secure, reliable, high-quality remote desktop software.