Your 8 rights under the GDPR

There is currently no accredited third-party certification for GDPR, so compliance cannot be claimed by any organisation. However, we have prepared a brief summary of ISL Online's responses to eight individual rights under the GDPR. Organisations using ISL Online services can use these guidelines to ensure the compliance of their remote desktop solution with the GDPR requirements.

To ensure the privacy and protection of the personal data GDPR empowers you as an ISL Online customer with 8 fundamental rights.

Right to be informed

You have the right to know what personal data of yours do we process and what is the reason for such processing. Refer to our Privacy Policy for more information on data collection and processing.

Right of access

Upon your request we will provide an insight or copies of your own personal data we process.

Right to rectification

If you believe your personal data is not up to date or accurate, you can always modify it within your ISL Online account. You can also contact us directly to edit or rectify your information.

Right to be forgotten

You have the right to be forgotten and ask us to erase your personal data once you stop using ISL Online services and products. We will remove your personal data from our databases where such removal is possible from the legal and technical perspective.

Where the removal of data is not possible due to the technical reasons, we will apply a deidentification technique called pseudonymization. For more information refer to our Privacy Policy, Article 19.

Right to restriction of processing

You have the right to withdraw any consent you gave us to process your personal data. Upon such request, we will restrict our processing of your personal data to the extent that would still ensure you the continuous use of ISL Online products and services.

Right to data portability

Upon reasonable request we will export your data so that it can be transferred to any third party.

Right to object

You have the right to demand that we stop processing your personal data for any reason. You can unsubscribe at any time to any specific use of your information (newsletter, automatic emails, etc.).

Rights in relation to automated decision-making and profiling

Your personal data we collect and store is not being profiled for any marketing or other activity not related to the legitimate purpose of enabling you access to ISL Online products and services.

Are you ready for the GDPR?

Do you work with anyone in the EU?

If you offer remote support to or access remote computers of EU customers or organisations, you need to comply with GDPR new rules. If you work exclusively with non-EU data subjects the GDPR doesn’t apply to you.

Ask for consent before a remote desktop session starts

Administrators of Self-Hosted systems might want to set up a start-of-session dialog to present a disclaimer and ask user for a consent before the remote support session starts (learn how). A similar disclaimer and a request for consent can be configured for users joining the live chat sessions.

Learn how to delete users’ data

Users of our cloud solution are able to request the deletion of their accounts and session details from within their accounts (login is required). ISL Online Headquarters solely will process these requests.

Administrators of Self-Hosted systems are able to delete users’ accounts and session details pertaining to a data subject (Operator and Client) by logging into ISL Conference Proxy (/conf) and using the personal data eraser tool.

Please notice that for the security reasons, your identity will need to be authenticated before processing any requests to retrieve or delete personal data. We have set up several administrative and technical safety measures in order to avoid potential social engineering attempts.

Find out what data and where it is stored

ISL Online strives to minimize the collection of personal data. Due to the AES 256-bit end-to-end encryption, even the administrators of the ISL Online network cannot see the content of the remote desktop sessions. The data transferred between operators and clients during sessions is NOT stored on ISL Online’s servers. For the legitimate purpose of enabling access to the ISL Online products and services only the basic session parameters (metadata) of remote desktop sessions is collected and securely stored.

However, we do collect and store metadata of remote desktop sessions. This is needed for the legitimate purpose of enabling access to the ISL Online products and services explicitly requested by you. The list of metadata stored on ISL Online’s servers may include personal data:

  • User name
  • Email address
  • IP address
  • MAC address

You can find this information by logging into your ISL Online account and selecting the “Reports” tab (read how). There you can see a history of remote desktop sessions with your clients, including the end-of-session dialogs. If your client wants to have access to this information, you can export it to a .csv file and send it to them.

Consult with your legal counsel

The information on this page is designed to help prepare ISL Online users for the GDPR in the context of our services and should not be taken as legal advice. Additionally, there may be parts of the legislation that affect other aspects of your business as well.

We recommend you seek qualified legal counsel to determine what compliance measures you need to carry out to be fully compliant with the GDPR.

Read how will GDPR change remote desktop services and how ISL Online uses your data on our blog.

General questions on the GDPR

What is GDPR?

The General Data Protection Regulation (GDPR), which comes into force on May 25, 2018, standardises data protection law across all 28 EU countries by setting new rules designed to give EU citizens more control over their personal data and clarify what companies that process personal data must do to safeguard people's rights.

What is personal data under the GDPR?

The types of data considered personal under the existing legislation include name, address, and photos. GDPR extends the definition of personal data to any data which could be processed to uniquely identify an individual. IP address, MAC address and cookies are some examples.

To whom does it apply?

GDPR applies to any organisation operating within the EU, as well as any organisation outside of the EU which offers goods or services to EU customers or businesses.

Tough Security Built in

ISL Online (XLAB) is a global company headquartered in the EU. In cooperation with our Authorised Partners we provide remote desktop software and services to our customers from over 100 countries. We have always considered the privacy and security of our users and data protection very seriously. Since 2003, we have been implementing different technical security measures and applying administrative procedures in order to protect the data of our users.

Read more about ISL Online strict security
ISL Online Security