Customers use the Seal Platform to capture and securely store sensitive research data, including the data that drives new discoveries and patented product development. Seal respects the sensitivity of such data, and so ensures that systems and procedures are in place for maintaining data in a secure manner. Additionally, Seal respects the privacy and confidentiality of customer data and does not process or store such data, unless required during platform set up and customer onboarding. Following use where required, all data stored for such purposes is to be removed from internal systems. The following provides a brief summary of how Seal processes confidential data, and does not serve as legal counsel.

Types of Data that can be stored, with consideration to GDPR

The General Data Protection Regulation (GDPR) does not not explicitly state what data types that can be stored, but it does impose strict rules on how and why personal data is collected, stored, and processed. Any type of data that can be linked to an identifiable individual — such as names, email addresses, IP addresses, or even device identifiers — falls under GDPR’s regulations, if it pertains to EU residents. It is worth noting that GDPR places additional restrictions on certain categories of personal data which are considered more sensitive. The sensitive nature of these categories mandate for stronger controls to safeguard individual privacy. Please refer to relevant GDPR documentation for more information.

Confidentiality Scope and Agreement

Pre implementation and onboarding, expectations are set out regarding data confidentiality and privacy between the Data controller and Data processor.
  • Data controller: the customer, who may be tied to other contractual agreements with other organisations
  • Data processor: Seal
As an example, the data controller will need to identify various types of information, such as (but not limited to):
  • Personal data and data subjects: this includes information that relates to individuals or groups who can be directly or indirectly identified
  • Data processing: any action that will be performed on the data, whether automated or manual
  • Purpose limitation: processing of data for legitimate purposes according to what is defined by the data controller
  • Storage limitation: storage of data for as long as necessary for the specified purpose
  • Laws under which the data is governed under
If necessary, a Data Processing Agreement (DPA) may be drafted. This agreement will rely on transparency from both the data controller and processor to understand their obligations under data protection regulations.

Configuring the Seal Platform

During the implementation phase, customers may also utilize anonymized or dummy data to test workflows, integrations, and functionality without exposing real, sensitive information. Seal recommends this approach to allow teams to replicate daily workflows and scenarios to ensure that the Seal system operates as expected, while still maintaining data privacy and compliance.
  • Anonymized data -> mirrors actual data structure but removes any personal identifiers
  • Dummy data -> generated to simulate typical user inputs or transactional information.
By using the above data types, customers can confidently validate configurations, troubleshoot potential issues, and conduct user training sessions without potentially risking data security. Note that Seal only processes personal data on behalf of the customer, in connection with the provision of services, and in accordance with the customer’s instruction and guidance. It is the customer’s responsibility to provide and enable access to the appropriate data for platform configuration, and at the customer’s discretion to ensure that the data shared complies with the appropriate data regulation principles.

Post Implementation Support

Customers maintain full ownership and oversight of their data within the Seal Platform. During support, or when further configuration assistance is required, customers should grant access permissions to the Seal Team to enable Seal Support to view or interact with the platform, for troubleshooting purposes.

Seal’s Guarantee

Seal is committed to, and is always working to stay compliant. This includes (but not limited to):
  • Complying with applicable data protection laws in relation to storage and processing of customer data
  • Offering additional security features to protect more sensitive data, upon customer request
  • Supporting in creation of documentation and resources for customer privacy assessments and audits
  • Committing to continuously evolve Seal’s data security and protection capabilities as the data landscape changes
Please refer to our Data Storage and Security and Back-Up and Disaster Recovery pages for more information.
Any questions or privacy inquiries?Email support@seal.run.