GDPR Policy

General Data Protection Regulation and LinkPoetry

The General Data Protection Regulation (GDPR) adopted by the European Union entered into force in May 2018. This regulation poses a set of rules to how we communicate and interact with prospects and customers within the European Union and it focuses also on data storage and protection. The GDPR introduced some substantial changes to the previous norms that regulated those matters. 

But don’t worry, this is not rocket-science! LinkPoetry is fully compliant to GDPR and in this policy statement we will cover all the essential aspects of it. Just a quick note: while the GDPR uses the term “subject data”, in order not to create confusion we will use “subscriber data” instead. 

1. Data processing agreement

LinkPoetry stores all the subscribers’ data inside the WordPress database, and does not transfer any data to any services of our company.

2. Subscribers data

The majority of the concepts expressed inside the GDPR run around the notion of “personal data”. The definition given by the regulation is pretty strict: “Any information that could be used, on its own or in conjunction with other data, to identify an individual”. At LinkPoetry we store many information, for example the name, surname, email address and IP address. Clearly this is not forbidden per se, but we tell our users exactly what we keep track of, why we are doing that and with what purpose. 

The keyword here is transparency, and transparency starts with a clear privacy policy and, more importantly, consent.

3. How LinkPoetry treats consent

One of the most important aspects of the new regulation is how consent is given by users and how to keep a proof of it. To keep it simple: you have to make sure of what your subscribers give consent to during the subscription process. 

At LinkPoetry we show at subscription form according to what information we want to collect from our subscribers. Read more about subscription forms here.

Two key aspects is always considered: the double opt-in and the privacy checkbox.

  • the double opt-in is always a good practice and it is required by law in many countries to confirm the will of the subscriber. Basically, to subscribe, users must fill the form and activate their profile, giving their consent two times before the actual service starts.
  • The privacy checkbox option add a mandatory checkbox that block the subscription until our subscriber reads our privacy policy page and the data treatment disclaimers. 

The consent is any affirmative act a subscriber does while sending its data, if clearly and correctly informed. The privacy checkbox is not strictly required but it’s required to have a link to our privacy policy page.

4. Proof of consent

The GDPR requires to keep proof of user consent. At LinkPoetry, when a subscriber changes his profile by activating a specific list, he could be giving a specific consent (for example to send marketing emails). Our software provides a logging feature which records every change the subscriber performs on his profile, with a timestamp. 

5. Data stored by LinkPoetry

 Besides name and email address, our software can collect other data, if for example extra profile fields have been configured. Moreover, our software collects IP addresses at the moment of subscription and whenever a user performs an action on newsletters, if tracking is active. IP addresses are used for various features, from tracking to geo-localization. 

6. Data conservation 

One of the requirements of the GDPR is that you have to clearly inform your subscriber of how long you are going to keep their data on your servers. This info must be stated clearly in your Terms & Conditions page. The reason behind this requirement is to avoid keeping obsolete data or contact information, which you can not verify. 

At LinkPoetry we have two options for dealing with these requirements:

  • we can delete all subscribers that are not “confirmed subscribers” (bounced, unsubscribed, not confirmed…)
  • we can delete all those subscribers who did not interact with us in a specified interval of time. 

Performing these actions periodically helps us in keeping our lists clean and avoid losing valuable subscribers.

7. Data export and portability

GDPR also requires us to offer to our users the possibility to ask for a copy of their files for portability reasons. The downloaded data export file should be in a machine-readable format (not human readable). LinkPoetry by default collects only names and email addresses, but if we configured the extra profile fields, those data will be exported as well. 

To simplify this process, we created a new special tag: 

{profile_export_url}

We use it in our profile editing page to create a link that generates a JSON export of the subscriber data.

8. Data modification and integration rights

LinkPoetry allows subscribers to access their own profile editing panel, where they can change every detail whenever they feel like to. Therefore, there is nothing special to do in this case. We always make sure that users’ profiles are reachable, making this option as clear as possible. 

9. Data removal

At this moment, LinkPoetry subscribers do not have the ability to delete their own data. We can delete the whole subscription from the administration panels as and when requested by subscriber.

10. External delivery services and hosting providers

Our SMTP providers are already GDPR compliant. We state in your privacy policy that we are using external services. Usually, all the delivering services provide a Data Protection Agreement (DPA). 

Finally, as regards hosting providers, they store physically our data on their servers, including our subscribers data and they are also GDPR compliant.

🍪 We use cookies to ensure that we give you the best 😃 experience on our website.