General Data Protection Regulation and LinkPoetry
The General Data Protection Regulation (GDPR) adopted by the European Union entered into force in May 2018. This regulation sets rules for how we communicate and interact with prospects and customers within the European Union, and it also covers data storage and protection. The GDPR introduced some substantial changes to the previous norms that regulated those matters.
But don’t worry, this is not rocket science! LinkPoetry is fully compliant with the GDPR, and in this policy statement we will cover all the essential aspects of it. Just a quick note: while the GDPR uses the term “subject data”, in order not to create confusion we will use “subscriber data” instead.
1. Data processing agreement
LinkPoetry stores all the subscribers’ data inside the WordPress database, and does not transfer any data to any services of our company.
2. Subscribers’ data
Most of the concepts expressed in the GDPR revolve around the notion of “personal data”. The definition given by the regulation is pretty strict: “Any information that could be used, on its own or in conjunction with other data, to identify an individual”. At LinkPoetry we store various pieces of information, for example the name, surname, email address and IP address. Clearly this is not forbidden per se, but we tell our users exactly what we keep track of, why we are doing that and for what purpose.
3. How LinkPoetry treats consent
One of the most important aspects of the new regulation is how consent is given by users and how to keep a proof of it. To keep it simple: you have to make sure of what your subscribers give consent to during the subscription process.
At LinkPoetry we show a subscription form according to what information we want to collect from our subscribers. Read more about subscription forms here.
Two key aspects are always considered: the double opt-in and the privacy checkbox.
- the double opt-in is always a good practice, and it is required by law in many countries to confirm the will of the subscriber. Basically, to subscribe, users must fill in the form and activate their profile, giving their consent two times before the actual service starts.
4. Proof of consent
The GDPR requires keeping proof of user consent. At LinkPoetry, when a subscriber changes his profile by activating a specific list, he could be giving a specific consent (for example to send marketing emails). Our software provides a logging feature which records every change the subscriber performs on his profile, with a timestamp.
5. Data stored by LinkPoetry
Besides name and email address, our software can collect other data, if for example extra profile fields have been configured. Moreover, our software collects IP addresses at the moment of subscription and whenever a user performs an action on newsletters, if tracking is active. IP addresses are used for various features, from tracking to geo-localization.
6. Data conservation
One of the requirements of the GDPR is that you have to clearly inform your subscribers of how long you are going to keep their data on your servers. This info must be stated clearly in your Terms & Conditions page. The reason behind this requirement is to avoid keeping obsolete data or contact information, which you cannot verify.
At LinkPoetry we have two options for dealing with these requirements:
- we can delete all subscribers that are not “confirmed subscribers” (bounced, unsubscribed, not confirmed…)
- we can delete all those subscribers who did not interact with us in a specified interval of time.
Performing these actions periodically helps us keep our lists clean and avoid losing valuable subscribers.
7. Data export and portability
The GDPR also requires us to offer our users the possibility to ask for a copy of their files for portability reasons. The downloaded data export file should be in a machine-readable format (not human readable). LinkPoetry by default collects only names and email addresses, but if we have configured the extra profile fields, that data will be exported as well.
To simplify this process, we created a new special tag:
We use it in our profile editing page to create a link that generates a JSON export of the subscriber data.
8. Data modification and integration rights
LinkPoetry allows subscribers to access their own profile editing panel, where they can change every detail whenever they like. Therefore, there is nothing special to do in this case. We always make sure that users’ profiles are reachable, making this option as clear as possible.
9. Data removal
At this moment, LinkPoetry subscribers do not have the ability to delete their own data. We can delete the whole subscription from the administration panels as and when requested by the subscriber.
10. External delivery services and hosting providers
Finally, as regards hosting providers, they physically store our data on their servers, including our subscribers’ data, and they are also GDPR compliant.