GDPR Consent

In this manual...

• GDPR regulations
• Account Level GDPR compliance
• Customize GDPR at the list level
• Customize GDPR at the product level
• GDPR for Raw forms
• What if a contact doesn't give consent but they have given it before?
• Revoking GDPR consent
• Right to be forgotten
• Data Processing Agreement

GDPR is a regulation in the EU that helps consumers better understand where data is being collected about them and helps ensure that data is being protected. The GDPR applies to any company doing business in the EU and not just companies located in the EU. Simplero is committed to helping our customers to conduct business in compliance with these regulations. 

You can learn more here. 

The GDPR regulation requires that...

• companies let consumers know when their data is being collected,

• companies cannot require a customer to consent to be on their email list or give you their email address in exchange for "free" opt-ins, and

• consumers must actively consent to be on your mailing list.

Simplero provides special GDPR consent boxes that can appear on both mailing list opt-in forms and order forms. The GDPR consent terms are the same for your entire Simplero account unless you customize them for a specific product or list. They can also be turned on for specific lists as you choose. 

Account Level GDPR Compliance

1. Select Settings from your Simplero Dashboard

2. Select Account settings
   
   

3. Scroll down to the Privacy section
   

4. Make a decision about adding an extra consent checkbox to opt-ins and order forms:
   
   
   

   • Require GDPR consent from all contacts - It will show for everyone no matter where the customer is located

   • Only for contacts from the EU/UK (Based on their IP address) - Simplero will check the IP address and if the IP address is located in the EU we will show the checkbox. Keep in mind if you select this option and the customer normally resides in the EU but is completing the form outside the EU they will not see the box

   • Never ask for GDPR consent - The consent box will never show

5. Set your GDPR consent message. In the next two fields, you can edit the terms that will appear next to the checkbox. If you write nothing in these boxes, the light grey text you see is what will appear and it will be auto-translated where Simplero is able. 
   
   Note: If you customize the message, it will not translate automatically. 
   
   

6. Click the Save changes button at the bottom of the page. 

Customize GDPR at the List Level

1. Go to Contacts and choose Lists

2. Select the list you want to personalize the GDPR compliance settings for

3. Select the Configure tab and scroll to Advanced Settings

4. You can turn on the toggles based on whether you want the terms established in your account settings to appear or not. You can also choose to customize the GDPR consent message
   
   
   

This is what the field will look like on your opt-in form (with your customized text if applicable):

Customize GDPR at the Product Level

1. Go to Sales and choose Products

2. Select products you want to activate/deactivate the GDPR compliance settings for

3. Select the Configure tab and scroll to Advanced Settings

4. You can turn on the toggles based on if you want the terms established in your account settings to appear or not appear. You can also choose to customize the GDPR consent message
   
   
   

This is what the field will look like on your opt-in form (with your customized text if applicable):

Note that giving GDPR consent is required when processing a purchase.

What happens when my customer checks or does not check the box?

You can view your customer's GDPR responses on their contact record. 

1. Select Contacts from your Simplero Dashboard

2. Choose Contacts

3. Locate and select the contact name

4. In the Contact information screen, in the right sidebar towards the bottom, you will see notes about whether they have provided consent or not. 

 If consent is not provided the customer will still be taken to the thank you page and provided with any content associated with your list, as well as receive the Day 0 welcome email(s) but they will receive no other autoresponders or other emails from you. They will not even receive a double opt-in confirmation email.  

We exclude members who haven't given gdpr consent from the member directory if GDPR is required at the account level. They are also excluded from any site notifications, regardless of their notification settings

Consent when using a Raw Form Opt-In and/or Custom Thank You Page

Raw form opt-in

When you use a raw form opt-in you can still obtain GDPR consent. After the customer completes the form they will be taken to a consent landing page where they will confirm their consent, rather than seeing a GDPR checkbox on the form. 

Custom Thank you pages

When using a custom thank you page or a program like lead pages where you are using the raw form and then the thank you page is overridden, the contact will show as not having provided GDPR consent as the GDPR consent page will not appear. In these cases, you will want to be sure you are obtaining active consent through another option. 

What if a contact doesn't give consent but they have given it before?

• If they have given consent for a previous list and they subscribe to a new list and do not give consent:
  • They get subscribed anyway
• If previously they didn't give consent and they subscribe to a new list and give consent:
  • Contact is marked as consent given (for current and future subscriptions)
  • Previous subscriptions remain not subscribed

Revoking GDPR consent

GDPR consent can be revoked both from the admin and customer's side:

Revoking / Giving GDPR consent from the admin side

• Go to your Contacts
• Select action: Revoke or Give GDPR consent
  
  

Revoking / Giving GDPR consent from the customer's side

• The customer will need to go to their Manage email subscriptions page in their Dashboard(you can share this guide with them)
• They can then choose to Revoke GDPR consent (this will only affect future subscriptions) or unsubscribe from current subscriptions:
  
   

Right to Be Forgotten

The Right to be Forgotten is defined as the complete removal of contact and all the data collected on them. As of this writing (5/23/2018), Simplero is working on the ability for account owners to delete purchases from your system.

These are the options currently available: 

• You, as the account owner, can do a contact clean-up, go into an individual contact, edit and then delete them. Be careful deleting a customer who is actively subscribed or has a purchase will delete their access to those items. Both of these options will remove all contacts that are not actively subscribed, or have a purchase in your account.
  
  
• Another option is for them to delete their Simplero ID. Be careful when suggesting this to a customer, because if they have purchased from other Simplero account holders they will be removed from the system completely and no longer have access to the content they purchased from you or those other businesses. You can share this guide with them if they wish to delete their Simplero ID. (Note: This deletes their Simplero ID but it doesn't delete the customer's information on the admin side. You will still need to go in and delete their information if they wish so)

DPA - Data Processing Agreement

Each Controller is required to have a DPA with each of its Data Processors. Simplero provides each of our customers with a pre-signed DPA which can be found in your account.

To reach it...

1. Select Settings from your Simplero Dashboard

2. In the Account tab, scroll down to the GDPR Compliance section.

3. There you will find a link to the DPA. You can print, sign and keep it for your records. You do not need to return it to Simplero.