WebKontrol is committed to the highest standards of data security. We value the trust granted to us by the most demanding American and European corporations to store and process video fingerprinting data of their exclusive media content. WebKontrol implements robust digital information protection practices to ensure our clients’ data is safe and secure at all times. Regular security checks and audits are performed to enhance the system and adopt the most effective safeguarding policies and tools available.
WebKontrol internal and client data is hosted at Hetzner, a data center certified in alignment with ISO/IEC 27001 standard. All servers are configured to only enable connections and communication via protocols and ports required for operating. WebKontrol keeps file integrity checks in place to avoid risk of modification of its operating system, software and data. Network and logs into the system are continuously monitored to identify behavioral anomalies. Two-factor authentication is necessary to access environments containing customer data.
WebKontrol collects and stores minimum customer data. WebKontrol has access only to information which is necessary to perform the service:
WebKontrol does not have access to or stores video files used for generation of video fingerprints at any time. Video fingerprints are not reversible and cannot be transformed back to original video files. Without metadata, it is also not possible to identify media assets by its respective fingerprints.
WebKontrol is committed to transparent procedures of processing customer data in full compliance with US and EU legal regulations, as well as specific client requirements.
WebKontrol may collect technical data, including IP address, domain names, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system details and other technologies on the devices used to access the service. This information is utilized to measure and assess number of visits, average time spent on our client dashboard and website, specific pages viewed and to improve end-user service experience.
Data Privacy and Retention
Data Protection and Encryption
WebKontrol has established policies and procedures to ensure that unauthorized parties cannot access customer data. Authorized employees can use data while being prevented from damaging or abusing it in any way. Encryption is the main measure implemented to protect privacy. Anyone without a private encryption key is denied viewing data. All databases and database backups are encrypted. The encryption is deployed with open source and industry-standard technologies that include Transport Layer Security (TLS), Secure Shell/Secure FTP (SSH/SFTP), and AES. WebKontrol is maintaining separate regional environments to provide assurance of data locality.
Based in Vilnius, Lithuania (European Economic Area), WebKontrol is subject to the General Data Protection Regulation (EU GDPR) that came into force on May 25, 2018. At present moment, the regulation remains one of the most comprehensive security and privacy policies in the world. WebKontrol is fully compliant with the GDPR, ensuring all technical measures are taken to provide the highest level of data security.
Under the GDPR there are two conceptual roles that define and regulate responsibilities of the parties involved in data management. By controller, the law understands an entity or a natural person that decides why and how personal data is gathered and stored. A processor signifies an entity or a person in charge of processing this information. In some cases, the party may perform both functions at the same time. WebKontrol acts as a controller when collecting information and is fully devoted to compliance with legal obligation imposed on the controller under GDPR. Under some contractual obligations, WebKontrol may also act as a data processor when engaged in scanning and analysis of a video database on behalf of the controller. WebKontrol complies with all requirements imposed on data processors as well.
Measures implemented by WebKontrol are aimed to protect against any unlawful or illicit data use by internal or external parties and include but are not limited to:
– Access rights management
– Regular reviews and audit
– Due diligence procedures
– Physical security
– Network security
– Cybersecurity measures
– Confidentiality and privacy policies
– Appropriate documentation and device disposal
WebKontrol evaluates all data gathered to ensure we meet compliance obligations under GDPR at all times.