GDPR & Compliance

Legal FAQ

Is Meetric GDPR / SCHREMS II compliant?

Meetric is fully equipped to ensure compliance with both GDPR and Schrems II requirements, underscoring our commitment to data privacy and security. Our corporate and operational base is in Sweden, with data storage and server infrastructure securely hosted in France by Scaleway.com, a hosting provider whose ownership is within the European Union. We rigorously adhere to a policy of engaging only with sub-processors that are based within the EU, ensuring an unbroken chain of compliance and data protection.

For entities that operate under implied consent frameworks, we continue to support the distribution of standard meeting invitations. These are complemented by pre-meeting reminders that thoroughly inform participants about the recording and analysis processes, seamlessly integrating consent into the usual meeting workflow.

Alternatively, for organizations necessitating explicit consent, Meetric offers a sophisticated landing page solution. This approach redirects participants to a consent page, providing them with multiple options to actively grant permission, thereby facilitating compliance with specific regulatory requirements.

Meetric employs stringent measures to safeguard your data, in strict accordance with GDPR regulations. This includes the encryption of data wherever feasible and adherence to best practice security guidelines—a testament to our dedication to data protection.

While Meetric provides comprehensive tools and resources to aid in GDPR and Schrems II compliance, it is imperative to note that the responsibility for compliance ultimately resides with the data controller. It is essential for controllers to ensure that all data is managed within the Meetric platform and that they are fully conversant with the regulatory obligations pertinent to their specific operational regions.

What are the consent requirements for video recordings in the EU and the US?

The regulations governing consent for recording conversations and data handling vary across the European Union and various states in the United States. The complexity of these regulations can be broadly categorized into two distinct sections:

Legality of Recording Conversations: The first section addresses the conditions under which recording a call or meeting is legally permissible. This varies from jurisdiction to jurisdiction; some require active consent from all involved parties (two-party consent), while others mandate consent from only one participant (one-party consent). For detailed information regarding the specific requirements of each country or state, please refer to the comprehensive overview provided at Telephone Call Recording Laws.
Data Storage and Processing: The second section focuses on the protocols for storing and processing the recorded data, a domain where the General Data Protection Regulation (GDPR) plays a crucial role. GDPR mandates strict guidelines for the handling of personal data within the EU, emphasizing the importance of safeguarding privacy. It sets forth principles for lawful processing, including obtaining valid consent, ensuring data security, and upholding the rights of individuals regarding their data.

For organizations like Meetric, navigating these regulatory landscapes necessitates a flexible approach to consent management, tailored to accommodate the varying legal frameworks of different regions. This includes implementing mechanisms for both active and passive consent, in alignment with local laws for recording, as well as adhering to GDPR standards for data storage and processing. Ensuring compliance with these regulations not only fortifies data privacy and protection measures but also reinforces the trust and confidence of users and stakeholders in the organization's commitment to lawful and ethical data practices.

How does Meetric handle consent for video recordings?

Meetric prioritizes a streamlined consent process by initially adopting a passive consent mechanism, where meeting reminders are sent prior to the event. These reminders not only serve to inform participants about the forthcoming recording but also integrate a clear and concise text within the meeting invitation itself. This dual-notification approach ensures participants are fully aware of the recording practices, facilitating a transparent and effortless consent gathering process.

For instances necessitating an active consent framework, Meetric introduces the "Meetric links" feature. This option redirects participants to a landing page dedicated to active consent, where they must explicitly agree to be recorded before proceeding to the meeting. This method is tailored to accommodate diverse consent requirements and preferences, enhanced by offering a variety of consent options. By clearly informing participants in both the meeting invitation and through an active consent landing page, Meetric ensures comprehensive compliance and participant awareness across all scenarios.

See the example below:

What Does Meetric have a pop-up for consent?

Yes, Meetric incorporates a feature similar to a pop-up, offering an active consent landing page, which is in line with GDPR compliance.

Is Meetric GDPR-compliant even without opt-in pop-ups?

Meetric is GDPR-compliant, emphasizing encryption and secure data storage within the EU. It ensures no personal data is stored or processed outside the EU or by non-EU based vendors. But getting concent from participants is a critical part but how its done is different based on your business.

What are the responsibilities of Meetric's customers regarding consent?

Customers are responsible for obtaining the necessary consent from all meeting participants and ensuring their use of Meetric complies with relevant laws, including GDPR and any applicable US regulations.

Can Meetric's transcription function be used without video/call recording?

Meetric requires an initial video recording to transcribe meetings, but the recording can be automatically removed after processing, allowing for the retention of transcripts and summaries without the video or the call.

What should be done with recordings made without proper consent?

For recordings made without proper consent, especially in all-party consent regions, Meetric recommends deleting these recordings and implementing the active consent page or other means to prevent future compliance issues.