Learn more about how Sleeknote is GDPR compliant
May 25th this year, the new General Data Protection Regulation (GDPR) will be in effect.
The GDPR is an EU regulation that will focus on strengthening and unifying the data protection laws for everyone who lives in the EU. In Sleeknote data protection has always been one of our top concerns and thus welcomes the regulation.
In Sleeknote we have been working for the last 6 months on planning and executing plans, to make sure we are 100% GDPR compliant.
Before we continue, here are a few definitions you need to know when reading ahead and to understand GDPR
This is us, Sleeknote, we process the data for you the controller
This is you, the Sleeknote user, who controls the data for the data subject
The visitor on your website who data is gathered about
During the next months, you will see various changes or additions to both our Terms and agreement and to our products. You will also have to take some actions. You will find everything you need below.
What We Are Doing?
To make it easier for you to see exactly what data you have collected in your SleekBoxes or SleekBars about individual people we will add the ability to
- See and/or delete all data collected for an individual person (data subject)
This is done by entering an email and we will show you what you have collected, and you can then choose to delete it.
- Ip address will be added to the data collected through SleekBoxes and SleekBars, so you as controller of the data, can verify that the data collected, was given by the data subject
If you end in a dispute where a data subject claims never to have given you the information, you can use the ip address to prove where for example the newsletter signup came from.
Automatically deleting submitted data after 3 months
We will start to automatically delete data collected through SleekBoxes or SleekBars older than 3 months. This will be in effect from 1st of June and forward and means that the first time we actually delete data is the 1st of September.
In short, the 1st of September you will only be able to download a CSV with emails going 3 months back to 1st of June.
Analytics data, will keep going back to the first day you started using Sleeknote.
Delete all data
All your data, including analytics data will be completely deleted on your request.
- Just contact our customer success team and tell us you want all data deleted, and we will do so (Note it make take a few days to be in effect)
- Also note that this of course also will happen in the horrible event of you ending your Sleeknote subscription. (We will store the data for an additional 3 months, in the event you want to resubscribe)
What Should You Do?
Sign a Data Processing Agreement
If you are in the European Union you want to sign a DPA with Sleeknote. The DPA will reflect our agreement that will govern the processing of personal data.
In other words, it’s an agreement that we, Sleeknote, can process personal data on your behalf, and what that ensues.
To actually sign the DPA
- Log into the dashboard and go to the account page.
- Find the section called “Data Processing Agreement”
- Press the review and accept button to see the DPA in its entirety. You will be able to download or print it, as it has already been pre signed by us.
- When pressing Submit we will store your name, time of signing, and your ip address to verify that you signed the DPA.
Update your own Terms and Agreement
To be compliant with the GDPR, your terms and agreement must reflect that you are collecting personal data.
You can also decide here to inform what data you are collecting with Sleeknote (or other similar tools)
Read more about data you can collect with Sleeknote here: data
Determining a legal reason for collecting data
A big part of the GDPR is to make sure you have a legal basis for collecting personal data.
There are 6 legal reasons, but we recommend using either the first or the last.
The first is consent. Consent means that the visitor is agreeing to you collecting the data, that means that all SleekBoxes and SleekBars should have a checkbox where the visitor can agree to you collecting and storing the data.
Remember to inform that you are using Sleeknote and your Email Marketing Service as the data processor.
For analytics data, you can decide to either user consent or legitimate reasons
If you decide to use consent, all visitors on your site must be informed and agree to you gathering data, (just like a cookie bar)
If you decide to use legitimate reasons, you have to inform in your terms and agreement that you are gathering the analytics data, and what you are using it for.
These reasons could be:
- To better the experience of visiting your site.
- To personalize the experience of website or newsletter.
- To track how you website performs.