Monocl FAQ – GDPR and Privacy

May 25th 2018 marks the start of enforcement of the European Union’s General Data Protection Regulation. This new piece of legislation has had a great impact on anyone whose business involves handling personal data about EU residents or within the EU. Personal data is at the core of working in customer-oriented roles such as marketing, medical affairs and sales. This new legislation is comprehensive and consequently, operating with a targeted approach to customers and external stakeholders has never been more important. Monocl has taken several measurements to ensure that we are compliant with the new legislation. This FAQ documentation has been generated to support your internal compliance processes.

1. GDPR overview

What is GDPR?

General Data Protection Regulation (EU) 2016 / 679 (“GDPR“) is a legislation from the EU regulating privacy issues.

What are personal data?

Personal data are, in accordance with the GDPR article 4, any information relating to an identified or identifiable natural person. Examples include names, e-mail addresses, identification numbers, location data etc.

What are special categories of data?

Special categories of data are, in accordance with the GDPR article 9, “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and /…/ data concerning health or a natural person’s sex life or sexual orientation”.

2. Monocl platform compliance

How does the publication of personal data in Monocl platform comply with GDPR?

Monocl’s platform is owned by Monocl AB. Monocl AB operates under a publishing certificate for its platform, which has been issued by the Swedish Press and Broadcasting Authority. CEO Björn Carlsson is the editor-in-chief for the platform. By means of this certificate, Monocl is encompassed by the Swedish voluntary constitutional protection available in accordance with the Swedish fundamental law (1991:1469) on freedom of expression, chapter 1, § 9, second paragraph. More information about publishing certificates is available here: link.

Since Monocl has a publishing certificate, the GDPR does not apply for Monocl’s publication of the personal data included in the database, pursuant to national Swedish law (see reference above) in accordance with § 85 (processing and freedom of expression and information). Please contact us in case you wish to obtain a copy of the publishing certificate.

Which kinds of personal data are included in Monocl’s platform?

We include names and e-mail addresses to the experts included in the database. This information is derived from publicly available databases.

Does Monocl include special categories of data in the platform as referred to above?

We do not include any personal data in our platform which would be defined as special categories of data in accordance with GDPR.

Where does the data included in Monocl’s platform originate from?

All data in the platform originate from public sources. The personal data included are thus already published on the Internet.

Where are the servers containing all data for the platform located?

The servers for the platform are located in Ireland. The source data is also located on the server of the respective data provider.

How do you handle requests from individuals (experts) wishing to be removed from the platform?

Data subjects’ ownership of their personal data is at the heart of the GDPR. We certainly do not wish to include an individual in the platform against his or her wishes. If an individual would ask to be removed from the database, we recommend the individual to contact the owner of the database which is the source for our inclusion of data about the expert. If the expert is removed from such database, the expert will be automatically removed from our database as well. Please contact us in case you wish to obtain a list of sources and get further support in this matter.

3. Regarding the use of the information included in the Monocl platform

Can I store data included in the Monocl platform?

If you wish to download information from Monocl’s platform and store it, you need to ensure that you comply with GDPR and/or any other applicable privacy laws (which are dependent on your location). If you wish to store data in a cloud solution, you need to ensure that you have the right to transfer the data. These rules apply for any data to be included in e.g. a CRM system and apply for all vendors providing data.

Does the GDPR Mean that Direct Marketing is not Allowed?

No. Direct marketing is specifically mentioned (in recital 47) as a legitimate interest where personal data may be processed under certain circumstances, after making an assessment of the interests of the data subject versus the data processor and provided that the interests of the data subject do not override the interests of the data processor.

We do not. We source data and apply machine learning to generate each expert profile. Our publication of personal data is based on our publishing certificate and not on obtaining consent. If you wish to contact an expert included in the database, you need to comply with any applicable marketing and privacy laws.

4. Documentation

Our Privacy Policy and End-User Agreement are constantly being revised to increase transparency and to make sure the documents meet GDPR requirements. As these form the basis for our relationship with you, it is very important for us to comprehensively and openly explain our commitments and your rights in these documents. Additionally, we are constantly mapping and evaluating all our data processing activities in order to ensure that we are compliant with the GDPR requirements.

5. Contact details and more information

If you have any questions with regards to the above, you are welcome to reach out to us at privacy@monocl.com and we will do our best to explain things further.

We are firmly convinced that meeting GDPR requirements is much more than just checking off boxes in a list. For us, the GDPR is truly a lifestyle of respect to individuals’ privacy and responsibility in handling personal data.