By now you are likely aware that on May 25th, 2018, a new data privacy law called the General Data Protection Regulation (GDPR) will come into effect.
Here at Aimtell, we’ve been diligently working to implement processes and procedures to ensure we meet both our Data Controller and Data Processor obligations under the European Union’s new General Data Protection Regulation (GDPR), as well as to ensure you can easily use Aimtell in a GDPR-compliant manner.
With any new laws or regulatory changes there is always some confusion. As such, we’ve decided to help clear any uncertainty by providing an overview of what the GDPR is, how it impacts our users and how we’re helping you in reaching compliance.
What is the GDPR?
The GDPR is a new set of regulations coming into effect that was created to help strengthen the rights that individuals have regarding personal data and that seeks to unify data protection laws across Europe.
In essence, the GDPR adds several ‘Pillars’ of required compliance including:
Right of access: The right of an individual to request information about how their data is being used as well as a copy of the data itself.
Right to rectification: The right for individuals to contact a Controller to correct inaccurate personal data.
Right to be forgotten: The right for individuals to request their data be erased under certain circumstances. These include when an individual withdraws consent, when the data no longer needs to be processed for the original reason it was collected and when the data is processed unlawfully.
Right to restriction of processing: The right for individuals to restrict how their data is processed in certain circumstances.
Right to data portability: The right for individuals to receive their personal data.
Right to object: The right for individuals to object to the processing of their personal data.
How does the GDPR impact Aimtell’s users?
One of the beauties of Website Push Notifications is that they were built to overcome some of the biggest existing problems found in other marketing channels such as email or SMS. One of these is that Aimtell and Web Push are inherently anonymous.
While we believe data can be an invaluable tool for marketers to provide highly relevant messages to their subscribers, we fundamentally still stick to the anonymity brought by web push. In fact, we do not collect any Personally Identifiable Information from your subscribers, other than that explicitly provided by our users through use of our APIs.
The only potential exception to this has been IP addresses. IP addresses have been considered by some standards to be Personally Identifiable, particularly when combined with other data points.
As such, starting May 25th, 2018, Aimtell will stop automatically storing the IP address of subscribers. Instead, these will be anonymized. If you’d like to continue collecting the IP addresses of your users, you can override this in the settings – more on that below.
Features we’ve released to help you reach compliance.
Aimtell currently offers various features within the platform to help you reach compliance as it pertains to the ‘Pillars’ of GDPR mentioned above. Below is a list of those features, as well as a few new ones.
Subscriber Deletion – you may delete an individual subscriber at any time on the View Subscribers page. To delete a subscriber, check the box next to the subscriber and then click the options dropdown. To better find a particular subscriber, check out this help doc. This will also delete all data associated with the subscriber (per the data retention settings). Subscribers may also be deleted via our API.
Subscriber Attribute Edit/Delete [new] – to edit any custom attributes of a subscriber, simply head into the subscriber details page and click on the custom attributes page. This page will show any custom attributes you have sent to Aimtell and lets you edit or delete them as you wish.
IP address collection [new] – available in your website settings (Website > Edit > Misc Settings), this feature enables you to toggle IP address collection of your subscribers. If you disable this, we will anonymize all IP addresses for new subscribers and those who view your site again. After May 25th, this will be disabled by default unless you’ve manually set this.
Data Retention Settings [new] – available in your website settings (Website > Edit > Misc Settings), you are now able to specify how long any deleted subscribers (or subscribers who unsubscribed) and their respective data should be held until they are marked for permanent deletion.
Individual Subscriber Export [new] – easily export all information associated with a particular subscriber by going into their subscriber details page and clicking “export”.
Shopify Data Collection Settings [new] – for our Shopify users we automatically track some additional data points on your subscribers who purchase items. You may view and toggle these on/off in the dashboard under Websites > Edit > Misc. Settings.
Recommendations and next steps
Review and confirm your data retention settings
Starting May 25th, any deleted and/or unsubscribed subscribers and their respective data that is older than your retention setting will be marked for permanent deletion and will afterwards no longer be available in Aimtell. To check and/or modify your data retention settings, log into the dashboard and go to Website > Edit > Misc Settings.
Review any personal information shared with Aimtell
By default, Aimtell does not track any Personally Identifiable Information on your web push subscribers and they are all anonymous. However, we offer various ways for you to amplify your subscribers using custom attributes or custom events in our API or by enabling them in the Dashboard. As such, we recommend you ensure you are not sharing or storing any unneeded or sensitive personal data. We also recommend you check your current tracking settings in our Dashboard under Websites > Edit > Misc Settings.
If you have any additional questions please don’t hesitate to contact us at firstname.lastname@example.org.
P.S. Data Processing Addendums are available upon request. Contact email@example.com for additional information.