What Is The GDPR And Why Does It Concern You?
The European Union (EU) introduced a landmark regulation called the General Data Protection Regulation (GDPR in short) on the 25th of May, 2018.
The goal of GDPR is to give EU residents drastic improvements to their privacy rights and control over their personal data, and to protect them from privacy breaches and leaks.
Every organization that handles, markets or tracks the personal data of EU residents is concerned, even if they are not based in Europe. In the case of software companies which typically sell their products globally, this means that this regulation applies to everyone, no matter where they are based.
There are strong penalties in place for non-compliance: up to €20m or 4% of global annual turnover, whichever is higher.
Making sure we were compliant, and in turn that the personal data of the audiences signing up to your campaigns was treated correctly, whilst continuing to provide a great buyer experience has been an important focus for us.
Here are the main concepts of the GDPR:
Personal data requires lawful processing
This means that you shouldn’t buy email lists where you don’t know how consent was acquired, and we can’t enable newsletters to audiences if we don’t know whether they have consented to them.
Audiences should specify exactly what communications they want to receive from you
This means that the language explaining how you will contact them needs to be very clear and respect certain rules - leading to fewer unsubscribes and spam reports.
Audiences will have a right to transparency around the collection and processing of their data
This means that they will be able to ask us for the data we store on them and receive it in a simple format.
Audiences can request the right to be forgotten
This means that if they ask us, we will remove all their personal data.
We act on your behalf as what is called a Data Handler to you the Data Controller.
Data Transfer & Sharing
Rules for transferring data outside of the EU haven’t actually changed under GDPR, and whilst we process data outside of the EU, we do so in a way that is fully compliant with EU law.
We process and store data in the US using infrastructure and data solutions provided by Amazon. Amazon is certified under the EU-US Privacy Shield, and as such, the transfer and processing is compliant without the need for additional consent.
Our platform implements industry best practices for data security, including encryption at rest and in transit, access control, and auditing. Keeping buyer data private and secure is extremely important to us at Vieworks.
Cookies & Tracking
We use a small number of GDPR compliant tracking and monitoring platforms. These services use a combination of temporary and long-lived cookies to be able to identify unique user journeys. These services are used internally only for platform diagnostics and product improvements.
The data collected is not shared with any outside parties, nor is it used for any activities which would require further GDPR compliance or an opt-out. They are necessary to ensure the reliable operation of our platform.
We provide a simple way for you to collect opt-in marketing consent during the user experience. We do this using GDPR compliant language permitting marketing updates and offers in the future direct from your company. We will pass this consent information back to you in our Dashboard and APIs.