GDPR Policy. Last Updated May 22nd, 2018.
Collect Reviews is aware of the need of all companies operating within the EU to ensure their compliance with the policies outlined by the General Data Protection Regulations (GDPR) entering into effect on the 25th of May 2018.
We are taking steps to ensure that our responsibilities are met to comply with the requirements of the GDPR, both in terms of our operations as a Data Processor (where Collect Reviews processes data on behalf of the companies for whom it provides services) and as a Data Controller (where Collect Reviews stores information relating to those persons it is in contact with regarding the products and services offered by Collect Reviews).
This policy is not intended to act as legal advice for your company and we strongly recommend that each company undertakes its own review of GDPR policies and seeks legal advice where appropriate.
All enquiries relevant to this policy and our actions related to the GDPR can be addressed to firstname.lastname@example.org
Collect Reviews as a Data Processor
Collect Reviews is making every effort to ensure that their responsibilities as a Data Processor under the GDPR are met, and seek to do so in an open and transparent way. In our role as a Data Processor, our clients entrust us with private information regarding their end customers (Data Subjects). This is already limited to the minimum data required to perform the core function of requesting reviews, namely: contact details (such as email), name, and purchase information directly relevant to the review. We have always offered the ability to request, review, amend or delete any such data stored by us, and will continue to do so under the GDPR while further enhancing relevant notifications and processes surrounding this.
Collect Reviews already takes the data it handles very seriously, working to protect the privacy and security of the information which it processes. Further, we are reviewing all steps involved to ensure that the data collected is minimised to the greatest degree possible, and that everything is as transparent as possible for all parties involved.
What this means for us:
- Collect Reviews will continue to review all of its internal policies and procedures to ensure compliance with the GDPR and in addition to this policy will release updates to both the Terms of Service and Data Policy which reflect changes relevant to GDPR compliance.
- Collect Reviews is monitoring the compliance of all sub-processors involved in the handling of any private data.
- Collect Reviews will comply with all requests from data subjects relevant to the personal data stored regarding them (data subject access requests), including the ability to amend or delete all data.
- Collect Reviews will continue to minimise all data which is stored related to data subjects and release further updates to ensure transparency and ease of use for all data subjects in relation to their data.
What this means for your company:
- As a Data Processor, Collect Reviews is processing review requests on behalf of your company, the Data Controller. Depending on the nature of the services provided by Collect Reviews, and/or the integration option chosen, your company will provide us with private data related to data subjects.
- While your own internal review related to GDPR policy is likely necessary to determine your obligations, it’s recommended that you name Collect Reviews as a data processor for this information and state the purpose for using our services.
- Where Collect Reviews will be contacting data subjects on behalf of your company in order to collect reviews, and/or processing any private data related to the data subjects, it may be necessary that Collect Reviews is explicitly named as a data processor for this purpose in any consent obtained from your customers. We recommend being as open and transparent as possible regarding the purpose and the nature of the services being used, as well as the data being processed.
- Under the GDPR your company will be required to comply with any requests for personal information from your customers, known as a data subject access request. Collect Reviews intends to meet compliance in this regard and give access to any relevant information required for your company to comply with such a request in relation to the data which has been processed by us. Please don’t hesitate to contact us at email@example.com for any further information or assistance with such a request.
Collect Reviews as a Data Controller
In our operations as a commercial business, Collect Reviews may collect private data related to individuals who are current, past, future or potential customers of Collect Reviews. Every effort is already undertaken to ensure that the level of personal information obtained is minimal and serves a clear business purpose.
Collect Reviews may gather this information from interactions with our website (as outlined in our Data Policy), information submitted directly on our website via forms, or through direct communication with company representatives. Further information may be gathered from available public sources such as online directories, business registries, and publicly displayed information on social networks and company websites.
Collect Reviews continues to monitor the compliance of the data processors it engages to ensure their compliance with the GDPR. Relevant policy announcements from Data Processors engaged by Collect Reviews for its business activities can be found here:
Collect Reviews makes every effort to ensure that all commercial communication is carried out with a clear and apparent business interest and will comply with any requests for deletion of any relevant personal data or end further contact per the GDPR. Please do not hesitate to bring to our attention any unwanted communication or lodge a “request to be forgotten.”
To make a request, simply email firstname.lastname@example.org.