The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that takes effect on May 25, 2018 and will set a new standard for how companies use and protect personal data and the rights of the individual. At yawave, we’ve been working hard to prepare for and comply with GDPR, to ensure that we – and hence our customers towards their users – fulfil the GDRP obligations. With our solutions we not only maintain transparency about customer messaging and how we use data – moreover we provide innovative features for a better handling of privacy. Here’s an overview of GDPR, and how the yawave software complies with the GDPR rules:
Yawave software features are obtaining users’ consent for data processing in a very transparent way:
- Informed: Data tracking and processing steps are always clearly indicated (e.g. on referral dialogue next to the referral button) – moreover wave owners and participants are being reminded of their responsibility for data security when uploading addresses in contact lists or referral dialogues.
- Clear affirmative action: Only after physical effort the data is being tracked (e.g. referral button clicked).
- Freely given: It is always the users choice (no matter if it is a referral or a conversion activity that is linked to data processing).
- Specific: We link user data to a specific purpose (e.g. newsletter, campaign) and even provide the possibility to (un-)subscribe for content- resp. purpose-specific campaigns or newsletters.
- Unambiguous: As consent is always collected a) related to specific purpose or content, b) with a physical effort and c) with clear information about the data processing, it does leave no room for doubt about the data subject’s intentions in providing agreement to their personal data being processed.
In order to comply with GDPR yawave tracks when and how a user gave consent. This information is even accessible for the respective user in his wave / campaign cockpit. For example for referral based consent yawave tracks the time stamp of that activity, the incoming referral link and the outgoing channel – we strongly believe that this contextual information makes it better understandable for a user when and how he gave consent.
In the case of a data breach event, we notify our customers and subscribers and wave participants of any risk within 72 hours. Additionally, we provide our customers with efficient functionality to also notify their contacts. We have early warning indicators in place and respective agreements with our suppliers (e.g. data-hosting provider).
Right to access
Everyone using yawave or participating in a campaign can access his personal information being processed anytime from everywhere – a transparent cockpit provides all the personal information. Individuals can order an electronic copy of their personal data records for free.
Right to be forgotten
When data is no longer relevant to its original purpose, wave participants can have their data erased.
Yawave provides data export features which allows the individual to transfer personal data into a common file format.
Privacy by design
Data protection and privacy is an integral part of our daily software development process – and based on customer- and user-centric approach we constantly also expand the yawave privacy features. Powerful proof points for this are our unique privacy tools: with yawave users are in full control of their visibilty in waves. They can create visibility cards and decide to appear with full profile incl. name and picture in one wave, and completely anonymous in another wave. Furthermore wave owners can limit visibility for entire waves in the wave builder.