The GDPR, Optinize & You
At Optinize we’ve been taking privacy seriously, well, always, and, in this sense, the GDPR provides us with further justification for what we’ve been doing all these years. On the other hand, on a macro level, we see the GDPR as setting a new baseline, ingraining protection of personal data into the core of business practices around the world.
In regard to the May 25th 2018 GDPR enactment date, from Optinize’s internal system’s perspective, we have reviewed and documented processes and procedures, updated documentation, reviewed and tightened some of our security provisions, added some specific positions and auditing committees etc. to be extra sure that everything is in order when 25.5 rolls around, and to make sure we can respond to requests from our customers arising from their rights as described by the GDPR, e.g. your “right to be forgotten”.
How Optinize helps you comply with the GDPR
Perhaps most interesting to you as an Optinize customer are the features of our system that make it easier for you to ensure your compliance with the GDPR, as follows:
While there is a good chance that you already have processes in place, perhaps even in Optinize, our system can help you make sure that you can respond to subscriber requests stemming from the GDPR expanded individual rights.
Knowing what data you collect about your subscribers (right of access)
End-user data correction (right to rectification) – According to the GDPR’s right to rectification, subscribers may request that you correct their data at any time. You can do this at anytime through your Optinize account and your subscribers may request this to be done directly from Optinize at no cost to you or them.
Deletion requests (right to be forgotten) – Per the GDPR’s right to be forgotten, your subscribers can request to be completely removed from your systems at any time. Optinize will respond promptly if needed and will completely delete your user’s information from its systems. If this need arises, please contact our customer service and they will perform this procedure.
Objecting to use of data (right to object)
Moving your data to another system (right of portability) – Optinize gives you tools to export any of your data from Optinize to other systems, at any time you may choose. If you need help in doing so, we will gladly help you through the process. If you want your data completely deleted after exporting it, please contact our customer service and we will perform this procedure for you.
Consent and Processing
The GDPR lays out what you must do to lawfully collect and process personal data and email addresses from your subscribers and clients. Collecting subscriber data and requesting consent upon collection are one of the primary ways in which you can use the Optinize system, and we provide you with the means to help you comply with the GDPR in this context:
- Optinize offers you an easy to use landing page builder and signup forms which you can place on your landing pages, which help you collect information on leads and subscribers.
- When you design your landing pages and forms, make sure that, in a footer / disclaimer or in the body itself, you clearly indicate which information you would like the user to provide and describe your intended use of this information.
- Get your subscribers’ explicit consent that their data can be transferred to and processed by you.
- Always provide your subscribers with a simple way to “unsubscribe” and “change preferences, so that they can withdraw consent or change their data usage preferences. Optinize makes your job easy here by automatically adding an unsubscribe footer to all emails.
- Make “double” sure your subscribers wish to opt-in to receive emails using the Optinize double opt-in option, by which you place opt-in checkboxes on your sign-up forms and also send registrants emails asking them to confirm their opt-ins.
- Immediately update any information stored in Optinize upon request from a subscriber.
- When a subscriber fills out and submits one of your Optinize signup forms, Optinize saves the email address, IP address, and timestamp associated with the submission, providing you readily available proof of consent. This helps you keep tabs on the consent given to you by your subscribers to send them marketing emails, store and use their personal data, or other types of processing for which you received their consent.
IMPORTANT: The GDPR doesn’t differentiate between consent given prior to enactment or post-enactment, i.e. any subscriber consent must comply with the GDPR. Consequently, you should obtain legal counsel regarding compliance of any pre-May 25th 2018 consent with the GDPR, to check whether you may need to request additional / different consent.
Consent and 3rd Parties
Optinize offers various types of integrations with 3rd party apps, greatly increasing the sphere of things you can do with and through Optinize. Many of these integrations involve transfer of data to and / or from the 3rd party systems, and processing of such data in these systems. If you make use of any such integrations, you need to be careful that any consent that you obtain from your subscribers also permits transfer to and processing of information by the 3rd party systems.
Your Privacy Statement
Implicit from all of the above, is that you should make sure your own privacy statement reflects that certain parts of your subscribers’ personal data will be transferred to and processed by Optinize. For example, you may want to consider updating your privacy statement to specifically identify Optinize as a personal data processor on your behalf, and mention how you use Optinize to collect and process this data.