GDPR Compliance and TechSmith Products

 

TechSmith makes software, services, and apps to help you capture your screen, create visuals, and make videos. Some of the content you create may contain personal information about you or others. It is important to us that this information is protected according to all applicable laws including the General Data Protection Directive from the European Union, GDPR.

 

What is GDPR?

GDPR is a single regulation that unifies data protection requirements for all EU member states. It came into effect on May 25, 2018.

GDPR has a several principles and requirements for the fair processing and protection of personal information. Ultimately, the goal is to ensure that personal information is processed lawfully, with the knowledge or consent of the individuals involved, and protected against unauthorized use or access.

 

What is personal information?

Under GDPR, personal information is any information related to an identified or identifiable data subject. Under this very broad definition there are many items that may be collected in screen shots or videos. Depending on the context of the content, simply having someone present in a video may itself be considered personal information.

 

What are TechSmith’s responsibilities under GDPR?

Often when you use our products, TechSmith does not have access to the resulting content. Like a word processor, the content, be it a video or a screen capture, will be resident on your computer or within your network. In these instances, it is your responsibility to be GDPR compliant.

In other situations, TechSmith stores your content for you. We also may provide services to share your artifacts with others and receive comments about your work.

When personal information is processed, there are two roles that need to be considered.

  • A Data Controller is the group or individual that decides what information will be collected and how it will be processed.
  • A Data Processor is the group or individual that actually processes the information.

When you use TechSmith services to store, distribute, and host reviews of your work, you are a data controller. You decide who the work will be shared with and how long it is kept for example.  You also have decided that TechSmith will be your data processor.

TechSmith may only process personal information based on your direction. Even though TechSmith stores information on your behalf, we are still the data processor and you are the data controller. TechSmith does not use your content for our own purposes without your consent.

As data controller, you are accountable under GDPR to assure that the principles and requirements mentioned above are met regardless of where the data is being stored or processed. This includes verifying that the principles and requirements of GDPR have been met by TechSmith.

 

What do I need to do?

If you are using our products for personal use, GDPR does have an exception for using personal information for purely personal or household activity. TechSmith, however, still remains a data processor if this exception applies to you, so we must meet our GDPR obligations.

If you are a business using TechSmith products, we encourage you to review the personal information you are collecting with our tools, how you are using the information including with our services, and where the people reside whose personal information may be revealed in your works to determine if you are required to be GDPR compliant.

As a business, in some cases you may need to establish a Data Processing Agreement (DPA) between your organization, as the data controller, and TechSmith, as the data processor. The table below provides is specific information for each of our products and services and the need for a DPA if personal information from EU-based individuals is being captured.

Product

DPA Required?

Comments

Snagit

No

Your content is stored locally unless you agree to and set up additional services with TechSmith.

Camtasia

Maybe

Quizzing functionality, by default, submits data to TechSmith services for processing, therefore it requires a DPA if this functionality is in use. 

If quizzing is not in use, your content is not submitted to TechSmith unless you agree to and set ups additional services with TechSmith, so a DPA would not be needed.

Video Review

Yes

Your content is stored in TechSmith’s cloud environment.

Relay

Yes

Your content is stored in TechSmith’s cloud environment.

Screencast

Yes

Your content is stored in TechSmith’s cloud environment.

Morae

No

Your content is not submitted to TechSmith.

Jing

Yes

The sharing function submits data to TechSmith’s Screencast service for processing.  A Screencast.com account is required to use Jing, therefore a DPA is required.

                       

If you want to review our data processing addendum, please click here.

 

What about registration information?

Of course, we collect personal information in several circumstances to operate our business. The protection of this information is GDPR compliant as described in our TechSmith Privacy Policy.