How to comply with General Data Protection Regulation (GDPR) using Convertful
If you’re located in the European Union or collect data originated from European Union, you have to comply with the General Data Protection Law. If so, you’re a Data Controller, and we’re a Data Processor acting on your behalf.
Here’s what you need to do to make sure you’re GDPR compliant regarding usage of Convertful.
This manual is provided for information purposes only and should not be treated as a legal advice.
Step 1. Sign the Data Processing Agreement #
Art.28 of the law requires us to sign an agreement which defines our relations and your instructions to us as a Data Processor. Go to your site’s setting in the Convertful application, fill the fields, generate, read and sign electronically the Data Processing Agreement. If you need more info on how to do this, here’s the illustrated manual.
Describe there which data you collect from your subscribers, how you collect it, how you use it, to whom you disclose it, where it’s located and some other details required by the law. Here’s a good checklist which could guide you through the process.
In short: we collect and process the personal data of your visitors on your behalf based on the instructions that you provide to us via the Sites. Except for the data types you explicitly define to collect, we shall also collect data about the first visit (like time and source), technical data (like IP and browser type), behavioral data (like which widgets a visitor viewed, closed and submitted).
Step 3. Get Informed Consent from Your Subscribers #
Art.7 of the law requires you to have a proof of a informed consent for every subscriber whose personal data you use (for example when sending him/her a newsletter).
There are several ways to have it:
- design your subscription form in a way it clearly describes how the entered data will be used and with the clear relevant call-to-action on the button (for example, if you subscribe a person for a newsletter, it should be “Subscribe Now” not “Download Now”).
Additional Information #
If you have any specific questions, regarding the GDPR, or you need us to perform some additional actions in according to it, please feel free to create a private support ticket for this.