This page is an introduction to the features and tools that help you stay compliant. You can also view our GDPR webinar here.
What is GDPR?
The European Union’s General Data Protection Regulation (GDPR), in effect as of May 25, 2018, imposes a strict set of requirements on how companies collect, store, and use personal data. Companies that don’t comply are subject to potentially hefty fines. Familiarize yourself with GDPR via their website and our GDPR Resource Center on the Launchmetrics website. Our resource center holds the Launchmetrics Privacy Policy, Data Processing Addendum, and User Policies.
How Do I Become GDPR Compliant?
Your business must decide on internal policies and procedures according to its practices, such as whether or not you require consent, what time period designates a contact as "inactive", and how often you'll review inactivity and/or consent. Once you've established these standards, stay compliant with our tools to:
1. Manage your site settings to set up data privacy preferences.
2. View what data is stored about your contacts.
3. Track if contacts are active or not from all activities managed through the platform (send outs, RSVP, email clicks tracking, update profile).
4. Provide accessible contact profile pages where contacts can view or update their stored information.
5. Share Privacy Policy & offer opt-in option.
6. Manage activity and consent, and update or delete as needed.
Collect Consent and Share your Privacy Policy
With the Data Privacy Manager, you'll be able to view your contacts' information, activity, and consent status. In addition, you'll have the option to send a "Data Privacy Mailing". This is a unique type of email that is considered a legal notice. Therefore, even if a contact is unsubscribed, they will still receive this notice. We have provided you with a few default templates: for your initial request for consent, to track consent on an ongoing basis, to confirm an opt-out, and to attempt to recover an opt-out. You can update the templates with language that's more relevant for your business's emails and activities.
Before sending the mailing, be sure you've linked your Privacy Policy in your Site Settings. When you're ready, search your Data Privacy Manager for the contacts you want to send your privacy policy and/or collect consent from.
After searching for the targeted contacts, you can send a Data Privacy Email. Please review the Data Privacy Manager article to understand in detail how to manage your contacts' data privacy.
View and Track Consent and Activity
Again in your Data Privacy Manager, you'll be able to search for contacts who have opted in, have opted out, or are pending consent, and to see your contacts' last activity.
Archive and Delete Contacts
According to your needs and/or the procedures your business has outlined, you can search the Data Privacy Manager for contacts you'd like to permanently delete, for example contacts that have "opted-out" or contacts who are "Inactive". As a reminder, your business dictates the time period that decides whether or not a contact is inactive. This is managed in your Site Settings.
Once you've searched, you can select all your contacts to permanently delete.
You also have the option to archive or delete contacts in Contacts Manager.
As a reminder, the differences between archiving or deleting a contact are:
- Archive a Contact: The contact will no longer be in the database and is flagged as inactive but can be brought back. Once they’re archived, you will not see them in Contacts Manager and can no longer send mailings, samples, or invite them to events, but you can always see this contact’s information in your history. Once you archive a contact, if you decide to restore it, it’s as if you’re creating a new contact: all of its previous activity will be reset.
- Delete a Contact: The contact will no longer be in the database, can never be brought back, and any associated activity, such as sample loans and event history, will be anonymous. Contacts who have opted out of your database should be deleted.
Inactive contacts
Contacts are considered inactive if:
- They never received a loan (not linked to any loan request, reservation or send out) within the GDPR Data Retention Period.
- They never clicked on any link (except unsubscribe link) from Contacts/Galleries/Events mailings (including never RSVPed manually or automatically) within the GDPR Data Retention Period.
- They have never been present at any event within the GDPR Data Retention Period.
- They had opted out (at any time, not linked to this GDPR Data Retention Period).
- They did NOT opt in (pending status) within the GDPR Data Retention Period.
- They are "Temporary Contacts" linked to archived or active events (in other words, not converted into permanent contacts during the GDPR Data Retention Period).
"Activity Status" = "Active" IF the contact received a loan (request, reservation or send out) OR clicked on any link (excluding the unsubscribe link) OR was present at an event, AND the contact didn't opt out.
"Activity Last Update Time" is then set to the latest activity.
GDPR Data Retention Period is defined in Admin settings or in Site Settings.
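The "Activity Status" rule above can be checked against an exported contact list. The following is an added example, not Launchmetrics code: the `Contact` fields, the sample records and the 730-day retention period are all constructed assumptions, and it implements only the "Activity Status" formula, so the pending-consent and temporary-contact conditions are not modelled.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

@dataclass
class Contact:
    # Hypothetical export record; these field names are assumptions.
    name: str
    opted_out: bool = False
    loans: list = field(default_factory=list)    # loan requests, reservations, send outs
    clicks: list = field(default_factory=list)   # link clicks, unsubscribe link excluded
    events: list = field(default_factory=list)   # events the contact was present at

def activity_status(c, today, retention_days):
    """Return (status, last_update) for one contact."""
    cutoff = today - timedelta(days=retention_days)
    activity = c.loans + c.clicks + c.events
    # "Activity Last Update Time" is the latest activity of any kind.
    last_update = max(activity) if activity else None
    recent = last_update is not None and last_update >= cutoff
    # An opt-out makes the contact inactive whatever the activity dates are.
    status = "Active" if recent and not c.opted_out else "Inactive"
    return status, last_update

def inactive_contacts(contacts, today, retention_days):
    """Names of contacts to review for archiving or deletion."""
    return [c.name for c in contacts
            if activity_status(c, today, retention_days)[0] == "Inactive"]

# Constructed sample data and a constructed 730-day retention period.
TODAY = date(2024, 6, 1)
RETENTION_DAYS = 730
SAMPLE = [
    Contact("Contact A", clicks=[date(2024, 3, 10)], loans=[date(2021, 1, 5)]),
    Contact("Contact B", events=[date(2020, 9, 1)]),            # activity too old
    Contact("Contact C", opted_out=True, loans=[date(2024, 5, 20)]),
    Contact("Contact D"),                                       # no activity at all
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(c.name, *activity_status(c, TODAY, RETENTION_DAYS))
    print("Review:", inactive_contacts(SAMPLE, TODAY, RETENTION_DAYS))
```

Contact C shows why the opt-out check has to be applied after the activity check: a recent loan does not make an opted-out contact active.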
Manage your Site and Account Settings
Your contacts should be regularly reviewed and cleaned up on an ongoing basis. You can set up site settings that will help you and your team manage this by clicking on your username at the top right corner of the screen and clicking on Site Settings.
Under Manage Account, you can choose to receive a monthly digest email with key numbers on your contacts who are active, have opted-out, etc. This can also serve as your monthly reminder to review your contacts and clean them up.
Our GDPR Recommendations
If you have specific questions or concerns about meeting your compliance requirements, please reach out to your Client Success Manager or support@launchmetrics.com. Launchmetrics provides a GDPR-compliant platform; however, how the tool is used to achieve compliance varies from client to client. Our key recommendations:
- Do not keep additional documents and spreadsheets with contact information. You’ll have no simple way of tracking consent and/or activity.
- Do not save direct personal or identifiable data such as race, religion or philosophical opinions, health data/allergies, or morals.
- Do not share platform access/usernames across employees. This makes it difficult to understand, track, and prove who is accessing your contacts’ data.
- Do not use temporary contacts in Events (if you're an Events subscriber). If you must, delete or convert them to permanent contacts immediately after the event.
- Do regularly review your contacts' activity and consent statuses.
- Do archive and delete your contacts based on their activity and consent.