The GDPR Act was implemented May 25, 2018. User.com is compliant and still perfectly responds to every user need.
With the help of User.com, you can store all sensitive data in one place. One main database manages personal data and consent expressed by user with its date and type, as well as giving you the opportunity to delete all information, if needed.
How can the user give consent for data processing?
The forms that users fill out can include a field (checkbox) that sends data to custom attribute "consent to the processing of personal data" with a boolean value: yes or no. Please, remember that the attribute should be prepared beforehand. More info about this here.
You will be able to see it as a slider in the user’s profile. After the user marks the checkbox, the information is automatically updated in the user's profile. You can also create an attribute related to the type of consent that the client expressed, e.g. confirmation sent via email/on paper/from the form etc. More info about this here.
Also, you can create an event for each consent given by the user. This will allow you to check when exactly you received the consent.
Once the user has agreed to the processing of their data, it is not necessary to display this field again in subsequent forms sent to this user. During "Create a form", set the option for those users who have the attribute "consent already updated". This way, the form will not show the checkbox again, and the chances of the user filling out the form are increased.
The option "Forget about me"
We offer our clients several channels of communication: chat conversations, phone calls, SMS, email messages. If our client asks us to remove the data of a given user from our database (and there are no contraindications listed in the GDPR Act), we immediately delete all data from several different databases manually. Also, we don’t need to look for this user in our mailing list. We delete all the info about the user (forms submitted, links clicked, emails received, etc.) in a matter of seconds. Thanks to deduplication function, User.com merges users with the same email address and removes all of the users at once. That gives you confidence that you are no longer storing any data about this particular user. Furthermore, this user's actions disappear from statistics on forms and email campaigns.
Anonymization of personal data
Show employees only data that is necessary for them to do their work
In the menu, "Settings", from the section, "Team Management", the administrator of the app can give or remove the possibility to view user data. In the section, "Access Level", set what kind of data the agent can see. Furthermore, the agent has the ability to filter users by selected data without seeing said data. For example, an agent can send email campaigns without seeing (was not given access to see) the email addresses of the recipients.
Time of data storage
The UE gives you the option of deleting inactive users’ data. You can do it yourself. In Settings - Main settings - Additional - User removal settings by filling up the number of days user stayed without any activity. You can also ask our support department via the chat to set it for you on our side. Please, remember it won’t be immediate and you need to wait to see the result.
Place of data storage
User.com has several servers all over the world. When it comes to GDPR restrictions, a few of our servers are situated in Europe to keep data within the European Economic Area (EEA).
Moving user data
In accordance with the GDPR Act, the company should process with proving required details to the indicated entity upon request. Full information about a specific user can be exported to a CSV file at any time and sent to any location chosen by the user.
In summary, thanks to User.com, you can store information regarding user consent for personal data processing. This information is visible in the user’s profile for every user in the database.