The European Union will begin enforcing the EU General Data Protection
Regulation starting on May 25, 2018 in an effort to strengthen the
security and protection of the personal data of EU residents.
The full text of the GDPR can be found
here
Does the GDPR apply to me?
While the current EU legislation (the 1995 EU Data Protection
Directive) governs entities within the EU, the territorial scope of
the GDPR is far wider in that it will also apply to non-EU businesses
who a) market their products to people in the EU or who b) monitor the
behavior of people in the EU. In other words, even if you’re based
outside of the EU but you control or process the data of EU citizens,
the GDPR will apply to you.
In keeping with our ongoing commitment to privacy and security, Klenty
is committed to making it easier for you to comply with the GDPR.
Important Definitions:
| Term |
Definition |
| Data Subject |
A person who lives in the EU |
| Personal Data |
Any information related to an identified/identifiable data subject
(e.g., name, national ID number, address, IP address, health info)
|
| Controller |
A company/organisation that collects people’s personal data and
makes decisions about what to do with it. So if you’re collecting
personal data and are determining how it will be processed (for
example using the Klenty services to market to prospects and
customers), you’re the Controller of that data and must comply
with applicable data privacy legislation accordingly.
|
| Processor |
A company/organisation that helps a Controller by “processing”
data based on its instructions, but doesn’t decide what to do with
data. So for example, Klenty is the processor of the data you
collect in your Klenty application. We don’t control how you
collect or use the data; we merely process it on your behalf and
on your instruction.
|
| Data Protection Officer (DPO) |
A representative for a controller/processor who oversees GDPR
compliance and is a data-privacy expert
|
| Data Privacy Impact Assessment (DPIA) |
A documented assessment of the usefulness, risks, and
risk-mitigation options for a certain type of processing
|
| Supervisory Authority |
Formerly called “data protection authorities”; one or more
governmental agencies in a member state who oversee that country’s
data privacy enforcement (e.g., Ireland’s Office of the Data
Protection Commissioner, Germany’s 18 national/regional
authorities)
|
| Third Countries |
Countries outside the EU |
Who is the Controller and who is the Processor, In the case of
Klenty’s relationship with a Customer
Unless explictly clarified in any engagement, Klenty will be the
Processor and Customer will be the Controller.
What does Klenty do to ensure lawful data transfers from the EU?
The GDPR permits transfers of personal data outside of the EU subject
to certain conditions. The EU model clauses (Standard Contractual
Clauses or SCC) provide a valid mechanism to lawfully transfer
personal data. Klenty offers a Data Processing Agreement that
incorporates the model clauses to our EU/EEA customers.
-
We have created a new Data Processing Agreement (DPA) incorporating
the Standard Contractual Clauses (SCC) to meet the requirements of
the GDPR in order to permit our Customers to continue to lawfully
transfer EU personal data to Klenty and permit Klenty to continue to
lawfully receive and process that data;
-
We have updated our Terms of Service to refer to DPA as a mechanism
to lawfully transfer data of EU Data Subjects to Klenty.
What changes is Klenty doing to help Customers comply with the GDPR?
-
Klenty has conducted a review of the Personal Data being stored and
has made several changes to the product
-
Users now have the ability to turn off Open/ Click tracking – giving
you greater power to choose what level of tracking you wish to
incorporate in your email campaigns
-
We now enforce appropriate Data Retention periods for Personal
information such as Email content, imported and exported CSV files,
Cookies (if you are using our Website Tracking feature)
-
We now permit complete customization of the unsubscribe link across
all plans. This will allow you to include a link to your privacy
policy should you choose to include it in your emails
-
Klenty permits you to download Data Subjects information in CSV
format, and also permanently delete Data Subjects and all of their
Personal Data
-
You can also use custom fields to store information relating to
consent for each prospect
-
To help Users comply with the Rights of Data Subjects, you can
reachout to support@klenty.com for reasonable requests
-
Data privacy and security is an ongoing effort and we will continue
to release new features to help you comply with GDPR requirements
-
We have created a new Data Processing Addendum(DPA) to meet the
requirements of the GDPR in order to permit our Customers to
continue to lawfully transfer EU personal data to Klenty and permit
Klenty to continue to lawfully receive and process that data
-
We have updated our Terms of Service to refer to the DPA as a
mechanism to lawfully transfer data of EU Data Subjects to Klenty
-
We maintain a list of sub-processors
here
Should you require a copy of our DPA, please send an email to
support@klenty.com.
