GDPR Compliance
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that mandates how an organisation should handle personal data. The GDPR came into force on May 25, 2018.
The General Data Protection Regulation (GDPR) is aimed at giving citizens throughout the European Union (EU) control over their personal data. GDPR applies to you if you are a European Union citizen or, as a business, if your email subscribers are EU citizens, or you deal with any kind of personal data of EU citizens.
How our add-ons enable you to comply with EU’s GDPR policies
As a customer, you operate as the data controller and we are considered a data processor. You have the responsibility for ensuring that the personal data of subjects you are collecting is being processed lawfully and, similar to controllers, processors that process personal data on behalf of a data controller, are expected to comply with the GDPR.
Data Collection
With GDPR, you must have explicit consent from your email subscribers that they would like to receive emails from you. It is recommended that you use double opt-in to align with GDPR compliance requirements. For EU individuals who are already on your marketing lists, you may need to contact them by email asking them to confirm their consent.
You should include a visible unsubscribe link in your marketing emails that your subscribers can click to instantly unsubscribe from all your future communications.
Data Storage and Processing
All your customer’s data is stored in your Google account, inside Google Sheets, Docs, Gmail, Google Drive or Google Forms and not on our servers. Our addons read the data directly from your data source and perform the necessary actions (like sending emails,SMSs, generating documents etc.) without transferring any personal data.
The email messages are not stored on our servers. If you choose to attach Google Drive files in your emails, the content of the files are not stored on our servers. Your form submissions are not stored on our servers.
We use Google’ Stackdriver logging tool for error tracking and debugging errors. It includes stack traces, error messages and the logs do not include any Personally Identifiable Information (PII) data.
We use PayPal, Stripe, and Razorpay to manage your payments. The payment processors only provide the customer’s email address and, in case of PayPal, the shipping address for generating invoice. We do not have access to any banking or credit card information of our customers.
Data Portability
We do not transfer, sell, make copies, or share any of your data processed by our Google Add-ons to third party services or companies. We only store data that is absolutely necessary for our add-ons to function.
You can download and export all your subscriber’s information in Google Sheets. This allows for easier migration to other services.
Data Erasure (Right to be forgotten)
If you uninstall a Google Add-on, or revoke access to the add-on from your Google Account, the add-on will not be able to access any of your data and will instantly stop functioning.
Our Google Addons use your own Gmail account to send emails. You can feed your customer profile data directly into our Google Add-ons - through Google Sheets and Google Forms - to send marketing emails, transaction emails and form notifications. Our tools only facilitate your compliance to GDPR, your sending practice is key to complying with GDPR.
If you have any questions about this GDPR Compliance, please contact us at support@dawent.com