Effective March 20, 2023
Q: What do I need to do as a customer of MorphCast to ensure we are GDPR compliant?
A: As a customer of MorphCast, there are several things you can do to ensure that you are GDPR compliant. Here are a few key steps to consider:
- Understand your obligations: It’s important to understand your obligations under GDPR as a customer of MorphCast. This means understanding how you collect, store, and process personal data, as well as the rights of data subjects (i.e., the individuals whose data you are collecting).
- Review our Terms of Use: Read the Terms of Use for the service you are interested in, in particular the provisions related to data protection, data processing, and data security.
- Obtain appropriate consent: Ensure that you obtain appropriate consent from data subjects before collecting and processing their personal data. Consent should be freely given, specific, informed, and unambiguous. You should also make it easy for individuals to withdraw their consent at any time.
- Implement appropriate security measures: Implement appropriate security measures to protect the personal data you collect and process. This might include using encryption, pseudonymization, or other security measures to protect data.
- Keep records: Keep records of your data processing activities and ensure that you can demonstrate compliance with GDPR if required. This might include maintaining records of data processing activities, data protection impact assessments, and records of data breaches.
- Respond to data subject requests: Be prepared to respond to data subject requests, including requests for access, correction, or erasure of personal data. You should have processes in place to respond to these requests in a timely manner.
By taking these steps, you can help ensure that you are GDPR compliant as a customer of MorphCast. It’s also a good idea to stay up to date with GDPR developments and seek legal advice as needed to ensure ongoing compliance.
Q: How does GDPR affect organizations being able to activate facial emotion analysis?
A: Emotion AI, also known as affective computing, involves the use of artificial intelligence (AI) and machine learning (ML) algorithms to analyze and interpret human emotions based on data such as facial expressions, voice tone, and physiological signals. Like facial emotion analysis, Emotion AI also involves the processing of personal data and is subject to the General Data Protection Regulation (GDPR).
Under the GDPR, Emotion AI is subject to the same requirements for processing personal data as any other form of data processing. Organizations must ensure that they have a lawful basis for processing personal data, such as obtaining explicit consent from the data subject or having a legitimate interest that outweighs the interests, rights, and freedoms of the data subject.
Organizations must also provide clear and transparent information about the processing of personal data, including the purpose of the processing, the categories of data being processed, and the rights of the data subjects. This is especially important when it comes to Emotion AI, as individuals may not be aware that their emotions are being analyzed or how their personal data is being used.
In addition, organizations must ensure that they are using appropriate technical and organizational measures to protect the security of the personal data they are processing. This includes implementing appropriate data protection and security measures, such as encryption and access controls, and ensuring that third-party providers involved in the processing of personal data are also GDPR compliant.
Q: Where is the data we upload to the MorphCast platform stored? What is the data storage location?
A: Data will be stored in a data center operated by the cloud service provider Amazon AWS in the European Union.
Q: Is MorphCast GDPR compliant and able to demonstrate compliance?
A: MorphCast is committed to complying with the General Data Protection Regulation (GDPR) and has implemented a number of measures to ensure compliance. As a customer of MorphCast, you can be assured that the platform is designed with GDPR compliance in mind.
MorphCast also provides a number of features that can help customers meet their GDPR compliance obligations. For example, the platform provides tools for data access and portability, which can help customers respond to data subject requests in a timely and efficient manner.
Furthermore, MorphCast has implemented appropriate measures to ensure that personal data is processed lawfully, fairly, and transparently. The platform collects only the data that is necessary for the provision of its services and has implemented appropriate procedures for obtaining and managing user consent.
MorphCast is also able to demonstrate compliance with GDPR. The company maintains comprehensive records of data processing activities and has implemented procedures for managing data breaches and responding to data subject requests. In addition, MorphCast is transparent about its data processing activities and is willing to work with customers to ensure that they can meet their GDPR compliance obligations.
Overall, MorphCast is committed to GDPR compliance and is able to demonstrate compliance through its policies, procedures, and technical measures. As a customer of MorphCast, you can rely on the platform to help you meet your GDPR compliance obligations.
Q: Do you have a process for deleting personal data when asked by the data controller?
A: Yes, we do. See the MorphCast Mission page for the applicable privacy policies, based on the service you are interested in.
Q: What data does MorphCast hold in relation to our organization?
A: Please see the MorphCast Privacy Notice related to the service you are interested in.
Q: How long does MorphCast store our data for?
A: For data where you are the Data Controller, you manage how long the data is stored.
For data where we are the Data Controller, see the applicable privacy policies based on the service you are interested in.
Q: Who does MorphCast share our data with?
A: MorphCast does not share any data where you are the Data Controller and MorphCast is the Data Processor.
For any data where MorphCast is the Data Controller, we only share data with our partners who have been certified by MorphCast to exclusively represent them in specific regions. Further information on this can be found in our privacy notice.
Q: Does your organization provide training to staff on data protection management?
A: All staff are provided with the necessary training on GDPR, including data protection management.
Q: What technical and organizational security measures do you have in place to protect personal data?
A: As an artificial intelligence (AI) company that processes personal data, MorphCast takes the protection of personal data very seriously. To ensure the security and confidentiality of personal data, MorphCast has implemented a variety of technical and organizational security measures.
Some of the technical measures implemented by MorphCast to protect personal data include:
- Data encryption: MorphCast uses encryption to protect personal data both in transit and at rest. This ensures that even if data is intercepted or stolen, it cannot be read or used by unauthorized individuals.
- Access controls: MorphCast implements access controls to ensure that only authorized personnel have access to personal data. This includes multi-factor authentication and other security measures to prevent unauthorized access.
- Regular security testing and auditing: MorphCast performs regular security testing and auditing to identify and address potential security vulnerabilities and ensure that its security measures are effective.
- Anonymization and pseudonymization: MorphCast implements measures to anonymize or pseudonymize personal data to minimize the risk of re-identification and protect the privacy of data subjects.
Some of the organizational security measures implemented by MorphCast to protect personal data include:
- Policies and procedures: MorphCast has implemented policies and procedures to ensure that personal data is processed lawfully, fairly, and transparently. These policies and procedures outline how personal data is collected, processed, and protected.
- Staff training: MorphCast provides regular training to its staff on data protection and security to ensure that they are aware of the importance of protecting personal data and the specific measures that have been implemented to achieve this.
- Data protection officer (DPO): MorphCast has appointed a DPO who is responsible for overseeing data protection and privacy issues within the company.
- Third-party provider due diligence: MorphCast performs due diligence on its third-party providers to ensure that they are also GDPR compliant and that they provide adequate security measures to protect personal data.
MorphCast has implemented a comprehensive set of technical and organizational security measures to protect personal data. These measures are regularly reviewed and updated to ensure that they remain effective and in line with the latest data protection and security standards.
For more details, see our mission site page related to the applicable privacy policies based on the service you are interested in.
Q: Do you have a written policy for data protection? If yes, does it provide a procedure for data breaches and notification of customers of a breach? Should there be a breach, please confirm that you will notify us as soon as you are aware. In the event of a breach, please confirm that you will cooperate with us to report, manage and recover data that you have also had access to or used.
A: Yes to all the questions. See our data policies on the mission site page related to the applicable privacy policies based on the service you are interested in. In particular, the Data Breach Response and Notification Procedure.
Q: Who is the person responsible for data management/protection in your organization?
A: MorphCast has appointed a Data Protection Officer, who may be reached at the email address [email protected].
Q: Does MorphCast ensure those processing personal data are under a confidentiality obligation (contractual or statutory)?
A: Yes, all MorphCast employees have agreed to a confidentiality obligation via their employment contract.
Q: Does MorphCast take all measures required under the security provisions (Article 32) which includes pseudonymisation and encrypting data as appropriate?
A: Yes, for details about our security see our Emotion AI – Responsibility documentation.
Q: Does MorphCast assist the controller in responding to requests from individuals (data subjects) exercising their rights?
A: Yes, for process details, see our mission site page related to the applicable privacy policies based on the service you are interested in.
Q: What type of data are you collecting and processing?
A: For any data you upload to the MorphCast platform, where you are the controller, MorphCast is responsible for ensuring that it is collected and processed in accordance with the General Data Protection Regulation (GDPR).
When you upload personal data to the platform, such as images, text, video files, audio files, screen captures, and host video calls, MorphCast is responsible for ensuring that it is processed lawfully, fairly, and transparently. This means that MorphCast has a lawful basis for processing the personal data, such as obtaining explicit consent from the data subject or having a legitimate interest that outweighs the interests, rights, and freedoms of the data subject.
MorphCast also provides clear and transparent information about the processing of personal data, including the purpose of the processing, the categories of data being processed, and the rights of the data subjects.
MorphCast has implemented a variety of technical and organizational security measures to protect the personal data that is uploaded to the platform. These measures include data encryption, access controls, regular security testing and auditing, and staff training. MorphCast also takes care that third-party providers involved in the processing of personal data are GDPR compliant.
It’s important to note that as the customer uploading personal data to the MorphCast platform, you are also responsible for ensuring that you have a lawful basis for processing the personal data, and that you have obtained any necessary consents from data subjects. You are also responsible for complying with the GDPR’s requirements for data access, portability, and retention, and for responding to data subject requests in a timely and efficient manner.
MorphCast takes its responsibilities as a data controller under the GDPR very seriously and has implemented a variety of measures to ensure that personal data is processed lawfully, fairly, and transparently, and protected in accordance with the GDPR.
Q: Does any profiling of data subjects take place with the data you process on our behalf? What assurances can you give us?
A: No. Our DPA states we only process data under instructions from the data controller.
Q: Do you have processes to ensure all subcontractors with access to data will also comply with these requirements?
A: Yes. Any third parties go through a GDPR review process prior to being used. Any third party who acts as a sub-processor must provide a GDPR-compliant DPA with MorphCast.