21st May 2018
Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”), is European privacy legislation that takes effect May 25, 2018. It will replace the existing EU member state laws that implement the EU Data Protection Directive, which has been in existence since 1995.
GDPR & EarlyParrot
Our users’ privacy and individual rights are very important to us. We finished all the steps below before May 24th, 2018.
We also used Ecomply (a GDPR task management tool) and created an RPA as a data processor to make sure we went through every single requirement.
Information we store on our customers
All existing and future employees responsible for software development, design and infrastructure maintenance of EarlyParrot are aware of the GDPR requirements.
When a user registers and opts in, he/she needs to fill out their email, first name and last name. We also collect information such as IP address (to determine country of origin), billing information (if required) and VAT details (if required).
Information we store on our customers’ subscribers
We may collect and store information from your end-users (subscribers) regarding their use of your website. This includes information such as pages visited, links clicked, non-sensitive text entered and mouse movements, as well as information more commonly collected, such as his/her IP address, referring URL, browser, operating system, cookie information, device and any other information from the visitor regarding his/her use of your website.
If a visitor opts in to your campaign, we store the first name, last name and email address as provided by the user. This information is used to handle your referral campaign. You can choose to delete this information manually.
We also collect the date stamp, timestamp and IP address of your subscribers so you can easily demonstrate consent.
It is important to mention that EarlyParrot does NOT share your subscribers’ information with 3rd party tools unless you consent and integrate it from your side. EarlyParrot also does NOT use this data for advertising, analytics or any other revenue model.
The right to be informed: we inform our users about the use that will be made of their data. Our users can request the full RPA report via email ([email protected]).
The right of access: our users can access all their data from their dashboard.
The right of rectification: our users can update their information anytime they need through their profile page.
The right of erasure: our users can request deletion of their account and all the information related to it via our live chat or by emailing us at [email protected]
The right to restrict processing: We have processes in place to ensure that we respond to a request for restriction without undue delay and within one week of receipt. We have appropriate methods in place to indicate and restrict the processing of personal data on our systems.
The right to data portability: Our users may contact us anytime if they wish to get an export of their data. We have processes in place to ensure that we respond to a request for data portability without undue delay and within one week of receipt.
Data Processing Agreement
Ask us for our DPA (Data Processing Agreement) and we will send it to you via email.
Once you have signed it, you can email it back to us at [email protected]
3rd parties we use
We use platforms and tools like BrainTree, Amazon Web Services, Google, Crisp, CloudFlare, MailChimp and Smartlook.
We will add more platforms in the future.
A personal data breach refers to a breach of security that can lead to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Our duty is to keep our users’ information safe, and to report certain types of personal data breach to the relevant supervisory authority within 72 hours. We also understand we must inform affected individuals without undue delay.
We take our users’ personal data, business information and our system security very seriously. These are a few of the procedures and methods we have implemented:
- We use 2-Factor-Authentication on our sensitive accounts (e.g. hosting provider, etc.)
- Access to our server systems is allowed only from specific IP addresses
- We are always adding more automatic security tests to monitor the system
What should you do to go along with the GDPR?
- Make it clear to the subscriber what information you collect
- Make it clear to the subscriber why you are collecting their information
- Make it clear what information you will send them and how often
- Add a checkbox if you want your subscribers to agree to your terms of service.
Also, don’t create pre-ticked boxes or any other type of default consent.
- Delete subscribers from EarlyParrot if you don’t need them anymore or if you were asked to.
- Show your clients you have a DPA (data processing agreement) with EarlyParrot by signing our DPA and emailing it back to us at [email protected]