RIADVICE GDPR Compliance Statement

RIADVICE SUARL (“RIADVICE”, “we”, “our”, or “us”) is committed to protecting personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This statement complements our Privacy and Policy and outlines how we comply with GDPR as a Data Processor, our responsibilities, and the rights of our customers and users.

1. Overview

RIADVICE provides hosting and managed services for BigBlueButton and other applications used by educational and commercial organizations. Protecting the privacy and security of personal data is central to our operations. We ensure that all processing activities respect the GDPR principles of lawfulness, fairness, transparency, data minimization, and accountability.

2. Hosting for BigBlueButton and Other Applications

Our services enable real-time collaboration through features such as audio, video, chat, polling, and screen sharing. Some sessions may be recorded, depending on organizational policies and user consent. Recordings and participation data are treated with strict confidentiality and security.

3. Roles and Consent

In most cases, educational institutions or organizations act as the Data Controller, while RIADVICE operates as the Data Processor. Consent for data processing is obtained by the Controller through its Learning Management System (LMS) or other front-end platforms. RIADVICE processes personal data solely under the Controller’s instructions and in accordance with GDPR requirements.

4. Legal Basis for Processing

Our processing of personal data relies on one or more of the following legal bases under Article 6 of the GDPR:

• Contractual necessity: To provide and manage the hosting services subscribed by our clients.
• Consent: For features such as session recordings and cookies (where applicable).
• Legal obligations: For compliance with billing, taxation, and requests from law enforcement.
• Legitimate interests: To ensure service security, fraud prevention, and improvement of user experience.

5. Data Collection and Use

We collect and process only the personal data required to deliver services effectively, including:

• Usernames and participation details.
• Session content shared during online meetings (e.g., audio, video, chat messages).
• Technical metadata (IP address, browser type, operating system).

6. Data Retention

Retention periods are determined by the Data Controller. By default, session recordings and meeting data are automatically deleted after predefined timeframes unless requested otherwise by the Controller or required by law.

7. Security Measures

RIADVICE implements industry-standard security practices, including:

• Encryption of sensitive data.
• Access controls and authentication mechanisms.
• Regular updates and security patches.
• Staff training on data privacy and GDPR compliance.

8. Data Protection Officer (DPO)

Our Data Protection Officer oversees compliance and data protection strategies. Questions or concerns may be directed to: privacy@riadvice.tn.

9. Exercising Data Subject Rights

Under GDPR, data subjects have the right to access, rectify, erase, restrict processing, and request portability of their data. Users should first contact their organization (the Data Controller). RIADVICE, as a Data Processor, will assist the Controller in fulfilling such requests. Direct requests may also be submitted to RIADVICE when applicable.

10. Deletion Requests

Requests for deletion of personal data should be submitted through the Data Controller or directly to RIADVICE in line with our Privacy and Policy. Deleted data may remain in backups for a limited time due to technical and compliance reasons but will not be re-processed.

11. Subprocessors

To deliver our hosting and managed solutions, we rely on selected subprocessors. Each partner is bound by GDPR-compliant agreements and required to apply strict security measures:

12. Contacting Us

For further information about GDPR compliance or privacy practices, please contact us at: privacy@riadvice.tn.

Last Updated: February 25, 2024