Fizz and the General Data Protection Regulation (GDPR)
Fizz is committed to compliance with the GDPR. We also wish to assist our customers with their own GDPR compliance by providing simple steps for ensuring proper compliance with Fizz Chat APIs, SDKs and Chat Analytics.
The EU General Data Protection Regulation (GDPR) will be enacted on May 25, 2018, and will bolster the rights of European end users with regards to their personal data. The new legislation will also unify data protection laws across Europe, regardless of where the data is being processed.
FIZZ AS A PROCESSOR
As defined by the GDPR, “a controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.”
GAME COMPANIES (YOU) AS A CONTROLLER
As a controller, you have several responsibilities with regards to the data sent to Fizz:
- Identify and define your responsibilities with regards to GDPR for your games. Fizz strongly suggests analyzing the GDPR within your own company and contacting your legal representatives to determine necessary steps.
- Fulfill the requests of your end users with respect to Data Subject Rights (DSR). This requires explicit consent to be given to legally enable the processing of any data including any data specifically sent to Fizz.
- As part of your users' DSRs, this may include objection, deletion or return of data, and you must notify Fizz of any requests made in this manner so Fizz can process the data appropriately.
- When updating your documentation around consent and data rights, it is required that you include verbiage allowing the use of Fizz as a processor.
PROCESSING ACCORDING TO INSTRUCTIONS
Any data that a customer and its users put into our systems will only be processed in accordance with the customer's instructions, as described in our GDPR-updated Terms of Service.
DELETION AND RETURN OF DATA
As per the GDPR, end users of the controller's services may request a deletion or return of their data. When Fizz receives a data return request from the controller, Fizz will produce an export of the relevant information as indicated by Controller's request within a maximum period of 30 business days. If a complete deletion request is communicated from you, Fizz will delete the relevant customer data from all of its systems within a maximum period of 40 business days unless retention obligations apply.
SECURITY OF FIZZ SERVICES
According to the GDPR, controllers and processors shall implement appropriate technical and organisational measures to ensure a level of security appropriate for the risk profile of the data. Fizz's infrastructure and organization is built with data protection and privacy in mind, focusing on a secure deployment of services, secure storage of data, secure communications between services, and safe operation by administrators. We adhere to a data model of storing as little information as possible, and this provides a firm foundation of our overall security profile.
DATA PRIVACY AND PROTECTION BY DESIGN
Over the years, Fizz has implemented many privacy and security rules, each adding to a robust security and privacy data practice that exists today. As it stands, Fizz is only storing data necessary for:
- Service Quality
- Regulatory Requirements
- Chat Analytics Platform
- Community Moderation
Each of these stored data points is either necessary to operate our business or required by governmental bodies.
However, any data we do store is kept for the minimum amount of time before it is expunged. The storage timelines are currently between one and eighteen months.
As part of conducting business at Fizz, we might utilize a number of subprocessors. If and when we do utilize subprocessors, they will be listed on an appropriate document and relayed to the appropriate data controllers.
Q: What is the EU GDPR?
A: The General Data Protection Regulation is a new EU privacy legislation that will replace the 95/46/EC Directive on Data Protection of October 24, 1995.
Q: Do I need to update the Fizz Chat Chat API/SDK/Analytics APIs?
A: No. Fizz assumes that the personal data that is sent to us has the proper legal basis for its use. As long as you have gained the proper legal basis to do so, you can continue to send data to Fizz for processing.
Q: Will there be updated Terms of Service for Fizz?
A: Yes. These updated terms are under review.
If you have additional questions, please don't hesitate to contact us at [email protected]