What is it?
The General Data Protection Regulation (GDPR)
is a European privacy law that was approved by the European Commission in 2016
and went into effect on May 25th 2018. The GDPR replaces a prior
European Union privacy directive known as Directive 95/46/EC, which has
been the basis of European data protection law since 1995. The GDPR is
an attempt to strengthen and modernize EU data protection law and
enhance individual rights and freedoms, consistent with the European
understanding of privacy as a fundamental human right. The GDPR
regulates, among other things, how individuals and organizations may
obtain, use, store, and remove personal data. In a nutshell, it's giving
EU citizens and residents control over their personal data while
simplifying the regulatory environment for international business that
takes place in the EU.
The Data Protection Principles include requirements such as:
- Personal data collected must be processed in a fair, legal, and
transparent way and should only be used in a way that a person would
reasonably expect.
- Personal data should only be collected to fulfill a specific purpose
and it should only be used for that purpose. Organizations must specify
why they need the personal data when they collect it.
- Personal data should be held no longer than necessary to fulfill its purpose.
- People covered by the GDPR have the right to access their own
personal data. They can also request a copy of their data, and that
their data be updated, deleted, restricted, or moved to another
organization.
Why is it important?
GDPR adds some new requirements regarding how companies should
protect individuals' personal data that they collect and process. It
also raises the stakes for compliance by increasing enforcement and
imposing greater fines for breach. Beyond these facts it's simply the
right thing to do. At OptimizePress we strongly believe that your data
privacy is very important and we already have solid security and privacy
practices in place that go beyond the requirements of this new
regulation.
OptimizePress's commitment to data privacy and GDPR Compliance
Our compliance, privacy and information security teams worked on many
updates to ensure our compliance with GDPR policies.
Platform Updates
We have conducted a company-wide review of all our current solutions
and have added new features to assist our customers in making
their websites GDPR compliant.
These include:
- Consent Checkboxes on opt-in forms in OptimizePress 2.0 (LiveEditor)
- Consent Checkboxes on opt-in forms in SmartTheme
- Consent Checkboxes on opt-in forms in OptimizeLeads
- Transmitting consent data to third party integration via tags or custom fields (platform wide where possible)
Data Processing Agreement
We offer a data processing agreement (DPA)
for our customers in the EU who use OptimizeLeads (this is the only
software where we act as a processor). Our DPA offers contractual terms
that meet GDPR requirements and that reflect our data privacy and
security commitments to our customers.
There is no need for a DPA for users of our themes and plugins as we
do not see any of your customer or prospect data as this is all
controlled within your own website.
To guarantee no terms are imposed on us beyond what is reflected in our DPA and Terms of Service,
we cannot agree to sign customers’ DPAs. As a small team we are unable
to make individual changes to our DPA as we do not have a legal team on
staff. Any changes to the standard DPA would require legal counsel and a
lot of back and forth discussion that would be cost-prohibitive for our
team.
If you have any questions or concerns please let us know.
Clear and concise terms of service and privacy policy
At OptimizePress we practice transparency internally and we believe
that transparency extends to our customers. With our updated Terms of Service and Privacy Policy we
openly describe what personal data we collect and process, why,
how we use it, who we share it with and how long we store it.
We have always made an effort to keep the language in our Terms of
Service and Privacy Policy as clear as possible and we have updated
these notices to describe how we are respecting and protecting your
personal data. We hope you find it concise, transparent, intelligible
and easily accessible.
Consent
We've updated our cookie policy to
provide you with complete transparency into what is being set when you
visit our site and how it's being used. On our cookie policy page you
can also read about steps you can take in order to control how your
browser handles cookies.
Data Inventory
We have reviewed and identified all the areas of OptimizePress where
we are collecting and processing customer data. Using this matrix we
have validated our legal basis for collecting and processing personal
data and double-checked that we are applying the appropriate security and
privacy safeguards across our entire infrastructure and software
ecosystem. Our Privacy Policy identifies what we are doing with the data we collect and how we manage consent.
Updates to our third party vendor contracts
We have reviewed all third party vendors which we may use for
processing of your data. As per our privacy policy, no data will be
sent to providers who do not conform to GDPR compliance standards.
We are here for you
We are working with our customers to answer any questions and address
any concerns regarding how we protect their personal data and gearing
up for GDPR. If you have any questions, please don't hesitate to contact us.
Policy Updated: 23rd May 2018