Our Commitment to GDPR
What is it?
The General Data Protection Regulation (GDPR), is a European privacy law approved by the European Commission in 2016 and will go into effect May 25th 2018. The GDPR will replace a prior European Union privacy directive known as Directive 95/46/EC which has been the basis of European data protection law since 1995. The GDPR is an attempt to strengthen, and modernize EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organizations may obtain, use, store, and remove personal data. In a nutshell, it's giving EU citizens and residents control over their personal data while simplifying the regulatory environment for international business that takes place in the EU.
The Data Protection Principles include requirements such as:
- Personal data collected must be processed in a fair, legal, and transparent way and should only be used in a way that a person would reasonably expect.
- Personal data should only be collected to fulfill a specific purpose and it should only be used for that purpose. Organizations must specify why they need the personal data when they collect it.
- Personal data should be held no longer than necessary to fulfill its purpose.
- People covered by the GDPR have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization.
Why is it important?
GDPR adds some new requirements regarding how companies should protect individuals' personal data that they collect and process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breach. Beyond these facts it's simply the right thing to do. At OptimizePress we strongly believe that your data privacy is very important and we already have solid security and privacy practices in place that go beyond the requirements of this new regulation.
OptimizePress's commitment to data privacy and GDPR Compliance
With the May 25th deadline fast approaching, our compliance, privacy and information security teams are almost done checking off our GDPR to-do list. Below is an overview of what we have done or are in the process of doing to meet the new regulation requirements.
We have conducted a company wide review of all our current solutions and are working on adding new features to assist our customers in making their websites GDPR compliant
- Consent Checkboxes on opt-in forms in OptimizePress 2.0 (LiveEditor)
- Consent Checkboxes on opt-in forms in SmartTheme
- Consent Checkboxes on opt-in forms in OptimizeLeads
- Transmitting consent data to third party integration via tags or custom fields (platform wide where possible)
We are working to have all of these features implemented by the 25th May 2018 where possible. Features will be added as they are completed and updates will be released
Data Processing Agreement
We offer a data processing agreement (DPA) for our customers in the EU who use OptimizeLeads (this is the only software where we act as a processor). Our DPA offers contractual terms that meet GDPR requirements and that reflect our data privacy and security commitments to our customers.
There is no need for a DPA for users of our themes and plugins as we do not see any of your customer or prospect data as this is all controlled within your own website.
To guarantee no terms are imposed on us beyond what is reflected in our DPA and Terms of Service, we cannot agree to sign customers’ DPAs. As a small team we are unable to make individual changes to our DPA as we do not have a legal team on staff. Any changes to the standard DPA would require legal counsel and a lot of back and forth discussion that would be cost-prohibitive for our team.
If you have any questions or concerns please let us know.
Updates to our third party vendor contracts
We are here for you
We are working with our customers to answer any questions and address any concerns regarding how we protect their personal data and gearing up for GDPR. If you have any questions, please don't hesitate to contact us.
Policy Updated: 1st February 2019