Brandify & The GDPR

Helping you stay compliant is our priority.

Brandify and The GDPR

By now you’re probably aware that the European Union (EU) has drafted a new set of regulations for upholding the rights of EU citizens when it comes to the storage and use of private data. The new rules are known as the General Data Protection Regulation or GDPR, and they are effective as of May 25, 2018. Though the rules are designed to protect the privacy rights of people in the EU, they are being implemented by companies who do business outside the EU, because most online services are available globally.

At Brandify, we are committed to upholding our customers’ rights as contained in these new regulations. Brandify will strive to support the compliance efforts of our brand clients and resellers. This document is designed to help Brandify clients and resellers understand the extent to which Brandify captures and stores private data on behalf of brands, and to outline the changes we are making in light of the GDPR.

Though we are working carefully to comply with the regulations, we must clearly state that nothing contained in this document should be interpreted as legal advice. Please be sure to work with an attorney if you have questions about your brand’s responsibilities.

 

Definition of Terms

The GDPR lays out certain roles and responsibilities for various parties involved in the gathering, collecting, and processing private consumer data. The regulation also helps define what kinds of data should be protected.

Data Subject: A data subject is any person in the EU whose personal data is being collected, held, or processed by a company, and therefore needs to be protected.

Data Controller: This is the company of record on whose behalf personal data may be collected. The Data Controller controls and is responsible for the keeping and use of personal information. You, the brand, would be considered a data controller if, for instance, you gather consumer names, emails, and phones on your store locators or local landing pages. 

Data Processor: Any company who helps the data controller to process data. In cases where Brandify collects personal data in the service of a brand client, Brandify is the data processor.

Sub-Contractor: A third party contracted by the data processor to perform data processing. Sub-contractors may include vendors, publishers, or contract employees. The extent to which their activities fall under GDPR depends on their access to personal consumer data.

Personal Data: According to GDPR, personal data consists of any data that can be used to identify a person, whether directly or indirectly. Names, photos, emails, phone numbers, social posts, and computer IP addresses are examples of personal data.

 

Rights of EU Persons under GDPR

The new regulation outlines several specific privacy rights for persons in the EU.  These rights relate to personal data such as your name, email address, phone number, profile photo, and anything else that could be used to identify you. Essentially, the GDPR grants residents of the EU broad rights with restricting to the control, verification, and access to personal data. It guarantees the following:

The right to be informed – an obligation on Brandify to inform you of the use of your personal data;

The right of access – a right to access personal data we hold about you;

The right to rectification – a right to correct personal data about you that may be incomplete or inaccurate;

The right to be forgotten – in certain circumstances you can ask us to delete the personal data we have about you, unless there is a legal requirement on our part to keep it;

The right to restrict processing – a right for you to request a suspension of personal data processing;

The right to data portability – a right to ask us for a copy of your personal data; and

The right to object – a right for you to object to us with respect to our use of your personal data.

 

The GDPR and Brandify

Brandify collects private consumer data to a limited degree on behalf of brand clients and resellers.  

Send to Email; Send to Phone

Visitors to store locators, local pages, and any other public pages we host on behalf of brands may be able to request that information, such as a store’s location, be sent to them via email or text message. We capture but do not store the user’s email or phone number in these cases.

Request a Quote; Click to Be Called

Other features on public pages we host on behalf of brands may include a request for a price quote or to be contacted by phone. In these cases, we store customer names, emails, and/or phone numbers on behalf of the brand.

Because the brand is the party of record interacting with the customer (the “data controller”), we need to work with you, the brand, to determine the notifications and permissions you would like to display to the user. In general, it’s best to include a line in the sign-up form that states, “I have read and accept the terms and conditions and privacy policy.” The underlined sections should link to your terms and conditions page and privacy policy page, and the user should have to check a box to indicate their acceptance. You’ll want to ensure your stated policies comply with the GDPR.

IP Addresses and GPS Location

In order to provide accurate, customized search results to users, many of our store locators contain code that automatically detects the user’s location by means of their computer’s IP address or the GPS coordinates of their phone. When asking for GPS coordinates, we always request permission from the user. In general, however, this form of data detection is not stored and only used to show a more relevant search result page.

Social Data

Brandify stores and reports on social data related to your brand, such as consumer reviews of your stores and social posts that mention your brand by name. Social data may include names, photos, and other personal data that users have opted to share on social networks. We collect this data through publicly available sources, such as APIs made available by social sites. In GDPR terms, the social sites themselves are the data controllers, and those sites have primary responsibility for guaranteeing the rights of their users. We will follow the direction of any social site that instructs us to remove personal data on behalf of its user or users. We will discontinue use of any such website that is not compliant with the GDPR.

Updated Privacy Policy

Please review Brandify’s updated Privacy Policy.

Questions?

We are reaching out to brands to coordinate any needed updates. In the meantime, please feel free to contact us at gdpr-questions@brandify.com and we’ll be happy to consult with you.