GDPR FAQ

Below is the Libsyn GDPR FAQ. If you are looking for our Data Transparency Document click here.

You can read the FAQ below or there is a PDF Viewer at the end of this page. You can download the Libsyn GDPR FAQ by clicking here.

General Data Protection Regulation (GDPR)

Libsyn has prepared this FAQ to provide a high level overview about GDPR for our podcast producers (“Producers”) and for our listeners and to provide some information about the manner in which we are accounting for GDPR obligations with respect to Producers and listeners. This FAQ is not a replacement or substitute for our Data Privacy Transparency Statement, found here (link) and you should review that complete statement to understand our data protection policies.

For our Producers, all of the audience and subscriber information (whether it be surveys, demographic overviews, etc.) you receive from us is non-personally identifiable, anonymized and aggregated information. Because we are not sharing any of the personally identifiable information that we process with you, the audience and subscriber information we provide to you falls outside of the GDPR and its definition of protected “personal data” and data protection agreements would not be required. There is only one exception to this rule: those Producers who wish to use email lists of their MyLibsyn Premium Podcast Subscribers for permitted purposes. When we share those email lists with you moving forward, we will require appropriate data protection agreements be put in place for the protection of all parties involved.

For our customers, listeners, subscribers and other data subjects, our Transparency Statement describes to you our policies and procedures that we have enacted to collect and process personal data in compliance with the requirements and protections under the GDPR and this FAQ is intended to highlight key aspects of those policies and procedures.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law giving EU individuals control over their personal data at all times, where ever that data may be located and regardless of who may obtained it.

When does it come into effect?

GDPR was approved in April 2016 but will begin to be enforced on May 25th 2018.

Libsyn is a US company. Are US companies required to comply?

Yes. Any company that stores or process personally identifiable information for EU residents will be responsible for complying with the new law, even if that company is not based in the EU. However, we value all of our customers’ privacy and that is why we have decided to implement these changes across the board for all customers regardless of their country of residence. While not required for those outside of the EU, we will switch to new GDPR-compliant privacy policies going forward for all.

Does Libsyn store ”Personal Data” as defined by GDPR?

Yes. Personal Data is considered any information which can uniquely identify an individual either directly or indirectly. Libsyn passes or stores various pieces of user information which would be considered personal data.

What Personal Data does Libsyn store?

We collect account information that you voluntarily provide to us when signing up for services or seeking support. As a data controller, we may collect and store information such as name, email address, physical address and phone number for billing or payment purposes related to use of the service.

Additionally, we may collect service-related information such as IP addresses, account activity or usage levels to better assist with service delivery and security.

Does Libsyn Share or Transfer Personal Data to Producers?

With the exception of opt-in Premium Subscriber lists as detailed below, Libsyn does not share Personal Data with Producers. As detailed in our Transparency Statement, we process Personal Data of listeners and subscribers to derive non-personally identifiable, anonymized and aggregated data that we share with Producers to help Producers better understand audience response to broadcast consent.

We also process limited podcast audience information per the Interactive Advertising Bureau standard using the combination of IP Address and User Agent (a string of characters that identifies the type/version of software that you are using to access content) to track podcast statistics. We do not expose or make this information available in any way to any third-parties (including Producers) that would identify individual listeners. We only provide podcast producers with aggregated statistics through the Libsyn website user interface. We reserve the right to research specific IP Addresses as may be necessary to protect our Podcast Services, our company, our people, and/or our systems. For example, we would research an IP Address that accessed our systems in the case of a suspected bot, rogue server or bad actor that may be affecting service delivery or performance. The raw data/logs containing this information are routinely purged and are not kept long term.This is done both due to the high volume of download information and the fact that podcast statistics are presented in aggregate through the Libsyn interface.

We process lists of MyLibsyn Premium Podcast Subscribers consisting of their email address, subscription level and sign-up date on an express, opt-in consent basis. Premium subscribers who choose to opt-in to these lists have access to exclusive benefits such as Premium Podcast information, special offers and access to bonus materials. In cases where Producers wish to obtain such lists of MyLibsyn Premium Podcast Subscribers to the Producer’s podast(s), the parties will enter into appropriate data protection agreements in compliance with the GDPR.

Does any of personal data leave Libsyn or is it transported to non EU countries?

Yes. Libsyn has a global reach and our customers from all over the world are important to us. This presence requires us to take a comprehensive look at privacy regulations. Our goal is to create the same privacy and security policies for all customers regardless of location and to work with each of our service providers and partners to protect personal data. Libsyn uses a few third-party applications as part of service delivery.

For PCI and security/privacy reasons, credit card information is transferred directly to our third-party payment processor Braintree (a PayPal company) and is not retained by Libsyn. You will receive transaction information from Braintree via the email you voluntary provide at the time you sign up or update your credit card information.

Similarly, wire transfer information you provide in order to receive payments from us are stored in First Commonwealth Bank’s secure environment for safekeeping.

Additionally, the email address that you provide at the time of service activation will be used by Libsyn for account, reporting, billing or support communications. You may also elect to receive Libsyn service, community, industry and podcast educational communications via the Libsyn Newsletter.

Libsyn uses Postmark for its system messages, Kayako for support and MailChimp as its marketing messaging platform and your email address will be transferred to those third party applications for processing on our behalf. WalkMe is also used for providing contextual help within the Libsyn user interface and may track progress in adding features or signing up for services.

• Postmark and Kayako are utilized to provide service related and support interactions related to delivery of Libsyn service. They are committed to privacy and specifically EU privacy standards. Postmark is registered under the EU-U.S. and Swiss Privacy Shield Frameworks. Information about Kayako’s GDPR compliance may be found here: https://support.kayako.com/article/1488-general-data-protection-regulation-gdpr-and-kayako
  • Postmark: https://www.privacyshield.gov/participant?id=a2zt00000004EKYAA2&status=Active
  • Kayako’s Global Data Processing Agreement: https://www.kayako.com/legal/data-processing-agreement
• MailChimp’s use of your email is in accordance with their Privacy Policy and Terms. You can unsubscribe at any time from the footer of the emails you receive.
  • MailChimp is also registered under the EU-U.S. and Swiss Privacy Shield Frameworks.
  • Mailchimp: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active
• The GDRP compliance information for WalkMe can be found here: https://blog.walkme.com/walkme-gdpr-compliance/. WalkMe is registered under the EU-U.S. and Swiss Privacy Shield Frameworks.
  • WalkMe: https://www.privacyshield.gov/participant?id=a2zt00000004EVHAA2&status=Active
• We will store wire transfer information with First Commonwealth Agreement in accordance with a data protection agreement that complies with the requirements of the GDPR.

We will not otherwise distribute or sell your email address.

Are your data processing systems currently in line with GDPR?

Security and privacy of the information you provide to us as part of your Libsyn account is extremely important. We have made changes for GDPR compliance and will continue to add account preference and security features going forward. As part of this, you can expect to see some of the following updates:

• Changes to user consent upon sign up for Libsyn services
• Information on data transparency
• Email communications or system notifications

Going forward you may see some more of the following updates:

•  Additional information on data transparency
• Updates to Privacy Policy and ToS
• Changes to user consent which may affect how you sign-up or opt-in to services
• Libsyn Dashboard alerts or notifications
• Further email communications or system notifications to confirm user consent and data use
• Future changes to the UI for account preference related to security and privacy

We ask that you keep an eye for these changes and updates that may impact your account and take action when requested.

The below outlines our goals and an overview of policies being put into place to address GDPR. Official policies and statements will be reflected in our Terms of Service and Privacy Policy as noted above.

How can customers see the data that is being stored and how will data portability be addressed?

Users have access to the information that they have voluntarily provided including email address, media files and metadata in the Libsyn UI.

Podcast information can be downloaded or “ported” via an RSS feed sync. Libsyn service related requests should be sent to [email protected]. Account payment transaction information is available through the Settings tab in the Libsyn UI or can be requested from [email protected] for LibsynPro customers.

What is the retention period for the data processed on behalf of IPRT?

Libsyn’s policy is to ensure data integrity and retention for the period that a customer has active service with the company.

We collect account information that you voluntarily provide to us when signing up for services or seeking support. As a data controller, we may collect and store information such as name, email address, physical address and phone number.

Additionally, we may collect service-related information such as IP addresses, account activity or usage levels to better assist with service delivery and security.

Libsyn may retain account information, media files and metadata for a period of six months after service cancellation due to the nature of the automated process for suspending and closing accounts for nonpayment. When closing an account, users may delete all media files and metadata from the system before closing the account to ensure no data is actively retained.

Personal and credit card information is removed from our third-party merchant Braintree and no longer retained after service with Libsyn is cancelled.

Webmayhem dba Liberated Syndication or Libsyn is a wholly owned subsidiary of Liberated Syndication, Inc. a Nevada, U.S. Corporation which is publicly traded.
As a U.S. public company, account records and other financial documentation is retained for seven (7) years for tax purposes.

Additionally, a copy of internal email communications are archived and maintained indefinitely for legal purposes. These are maintained in an archived system with access restricted to systems personnel.

You may at any time, request that we delete your personal information. In the case where we must retain records according the company’s retention policy, you may request that your personal information be redacted from the accounting records.

PDF Viewer Option Below