Privacy policy

We work hard to protect your information

Last update: April 2021

Summary

When you use Rate My Meeting you entrust me with your valuable information. I have made it a priority to protect your data and to provide you with choices about controlling it. I understand that there are particular concerns from companies in the EU about how I use and protect your data, so I put this page together as a guide to answer some of the most common questions you may have.

  • The Privacy & Data retention tab provides an overview of our data center and our data retention policy.
  • The GDPR tab provides detailed information about how we comply with GDPR.
  • The Third parties tab provides a list of our sub-processors under GDPR.

For general inquiries, contact me anytime.

Privacy & Data retention

Your privacy is important to me. It is Rate My Meeting's policy to respect your privacy regarding any information the system may collect from you across the website, https://ratemymeeting.co, and other sites I own and operate.

I only ask for personal information when I truly need it to provide a service to you. I collect it by fair and lawful means, with your knowledge and consent. I also let you know why I'm collecting it and how it will be used.

Data center

Rate My Meeting's primary data and servers are hosted at Amazon Web Services (AWS) in Frankfurt and Ireland.

Data retention

I only retain collected information for as long as necessary to provide you with your requested service. What data I store, I’ll protect within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification.

I will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

I don’t share any personally identifying information publicly or with third-parties, except when required to by law.

With your active consent I store only non-identifiable information to provide a bridge between our service and third-party service integrations. We store this information for the duration that the integration is active.

Our website may link to external sites that are not operated by me. Please be aware that I have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.

You are free to refuse my request for your personal information, with the understanding that I may be unable to provide you with some of your desired services.

EU General Data Protection Regulation (GDPR)

What is GDPR?

In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). GDPR is a significant change in data protection regulation in the EU and replaces the existing legal framework (the Data Protection Directive and the various member state laws). It came into effect on May 25, 2018.

Why is GDPR important?

GDPR adds some new requirements regarding how companies should protect individuals' data that they process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breaches.

What has Rate My Meeting done to comply with GDPR?

I work hard to meet our obligations as a processor under Article 28 of GDPR. To this end:

  • I continue to process your customer and end user data per your instructions.
  • I have implemented appropriate technical and organizational measures to protect the data with which you entrust me.
  • I have provided a list of our sub-processors.
  • I have instituted a policy informing and obligating our employees (which today are none), to maintain the confidentiality of your information.
  • I have instituted a procedure to assist you in complying with requests for access, amendment or deletion that you may get from your customers or end users.
  • I will delete your customer/end user information at the end of our agreement with you, if you ask me.
  • I have appointed a representative (me!) as required by Article 27 of GDPR.

Does GDPR require that my information be stored in the EU?

No. Under GDPR a company is allowed to transfer personal data outside of the EU provided that it puts in place a mechanism, approved under GDPR, to make sure that personal data is adequately protected even when it is transferred outside of the EU.

How do you manage access to my information?

As of now my intention is to service DSR requests (such as delete and export) manually. If you have an account with me, you may access, correct, or request that I delete your personal data by contacting me at gdpr@ratemymeeting.co.

This request can include personal data of other individuals, like your employees or customers that you have provided to me and who have requested this of you. We will respond to these requests within 14 days or less, which is well within the GDPR requirement of 30 days.

Working with 3rd parties

I share certain information with companies that may be considered our "sub-processors" under GDPR. This information is limited to the following:

  • Rate My Meeting runs on Amazon Web Services, Postmark and EmailOctopus to offer the end to end services. These companies host any of our data on physical and cloud servers that I pay for.

Sub-processors and 3rd party services (in alphabetical order)

ProviderPurpose
AppziFeedback widget. Allows a user to send feedback within the web application on pages and features. No identifiable information is exchanged.
Google Calendar APIOptional 3rd-party service integration. When connected, allows Rate My Meeting to access and edit events on your Google Calendar(s). email
Google Tag ManagerClient side tag management. No identifiable information is exchanged.
EmailOctopusOptional Newsletter management. Facilitates sending the Rate My Meeting (monthly) newsletter to registered and subscribed users. nameemailusername
LinkedInOptional Single sign-on provider. Provides identifiable information stored on the 3rd party service with my system. email
PlausibleOn-page analytics. No identifiable information is exchanged.
PostmarkE-mail processor. Service to process inbound and outbound transactional e-mails that result from your interaction with the Rate My Meeting system. nameemail
SegmentServer side tag management. Non-identifiable usage data may be exchanged.
SentryApplication bug reporting. Non-identifiable usage data may be exchanged.
StripePayment provider. Stores your payment information and shares a non-identifiable token with the Rate My Meeting system for tracking payment statuses. nameemail
ZoomOptional 3rd-party service integration. When connected, announces newly scheduled Zoom meetings to be automatically added to your Rate My Meeting account. email