MarbleFlows

Product details

Q: Hello, I took a look at the demo version and bought the deal because the brief description states that the system complies with the European GDPR. After reviewing the privacy policy, it only says that it complies with the UK GDPR. As the UK is no longer part of the European Union, I wanted to ask when and if there will be EU General Data Protection Regulation (GDPR) compliance.

I am very enthusiastic about the software and would be very reluctant to do without it.

Thank you very much!

Much love,
Alexander

Translated with DeepL.com (free version)

alexander989, Mar 5, 2024
Posted: Apr 26, 2024

Hello @FrenchyGreg,

Perhaps I wasn't able to make the distinction, sorry for the mislead here.
When I mention GDPR compliance, I am mostly talking about your compliance arising from using our platform.
For example:
"Your" online booking pages don't have 3rd party cookies.
Or "your" customers' details aren't shared in emails to avoid storing the data in 3rd party mail servers.
When we received the GDPR question, we were almost always asked because our clients wanted to make sure that the usage of our platform doesn't violate their GDPR compliance. Meaning, they ask us such questions as a data processor, not a data subject.

However, if you are asking me as a data subject, we may need to ask our consultants again how to manage Intercom, for example. We had to urgently move to Intercom because our ticketing system emails were arriving in Spam, and I realized that when the third-party cookies were blocked, it didn't work.

When it comes to design, development, and consultancy, we try to throw any dollars into things that our customers would benefit from. To give an example, our own subscribe button brings you to a Stripe-hosted subscription page. So as a company that builds the best checkout experience with integrated Stripe payments for thousands of clients, we don't have our own checkout page ;) With GDPR we also had the same approach.

So all in all, I would recommend giving our platform a try (could be via the free tier) and if you actually find out about gaps, please share them through the in-app messenger, because we have a large number of clients in the EU and their compliance is our top priority.

Hope I could address your question!

Posted: Apr 27, 2024

Thank you for your reply. I'm a web consultant and advise my business clients. All the questions you receive about the RGPD are really not to bother you. We are really stuck here when using non-compliant software. Here are the points I raise regarding your solution:
1. Does your app install cookies on users' devices? If so, is the user informed of the existence of these cookies and their purpose? Finally, can they refuse them?
2. GDPR requires a box to be ticked for each data capture, so each form. A text such as 'you accept the terms of use' is not a compliant text. This is because it does not specify the purpose for which the data will be used. This text must not refer to another page with a link, for example.
3. GDPR also requires active data to be kept for a maximum of 2 years. Does your solution identify customer accounts with more than two users? Once identified, can their data be deleted without breaking other parts of the software (order history, invoices, etc.)?

Posted: Apr 28, 2024

@FrenchyGreg

1. Does your app install cookies on users' devices?

- no cookies are installed.

2. A text such as 'you accept the terms of use' is not a compliant text.

- Technically, from Custom Labels, you can change the text that’s written in form elements and in the ‘I accept’ section, and I believe that can ensure compliance even in your standards, but we still would like to learn a bit. Would you kindly share an exemplary use case (compliant benchmark) with Support@kiwilaunch.com? We try to make sure we give the necessary tools so if a client wants to be compliant with GDPR standards (even outside the EU or the UK), they can still be.

3. GDPR also requires active data to be kept for a maximum of 2 years. Does your solution identify customer accounts with more than two users?
- To my knowledge, GDPR didn’t specify the actual max fixed duration but it suggests minimization. Of course, upon your message, I should recheck the guidelines. We are not providing a lead generation, marketing targeting kind of service. When actual services are provided, like medical, home services or personal services, there may arise some liabilities and obligations. These liabilities may a lot of times not have a statute of limitations. As a benchmark, our knowledge for example is that Germany requires companies to store invoices for a period of 10 years at least. So our interpretation was that minimization meant far beyond 2 years.

I don’t find your questions bothering in any way, and actually I find them a somehow complimentary expert opinion. It is just that legal texts are generally subject to interpretation, and legal protection is most of the time not binary, but a spectrum. We tried to be practical and wanted to build compliance without giving up commercial value (e.g. not losing conversion rate) and worked with good experts. However, we are a young company and I am sure we have ways to improve.
