Blackbell & GDPR

Our commitment to the EU Data Regulation.

Written by Sharon Brakha
Updated over a week ago

About 

The EU General Data Protection Regulation (GDPR) will set a new standard for how companies use and protect EU citizens’ data. It will take effect from May 2018.

At Blackbell, we’ve been working hard to prepare for GDPR, to ensure that we fulfill our obligations and maintain our transparency about customer data and how we use this data, and to help you meet yours.

---

What is GDPR? 

The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that comes into effect on May 25, 2018. It will replace existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It will be a single set of rules which govern the processing and monitoring of EU data.

---

Your role vs. Blackbell's role

1 - Blackbell as the Data Processor

As you are holding and processing data of EU visitors, through your Blackbell platform, the GDPR will also apply to you, whether you’re based in the EU or not.


2 - Blackbell as the Data Collector

Additionally, Blackbell acts as the data controller for the personal data we collect about you, the user of our web app, mobile apps, and website.

First and foremost, we process data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)).
Secondly, we process data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.
Thirdly, we process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).

As the controller for your personal data, Blackbell is committed to respecting all your rights under the GDPR. If you have any questions or feedback, please reach out to our Data Protection Officer by email at compliance@blackbell.com or refer to our Privacy Policy.

---

Some key principles of the GDPR

  • A clear purpose: the data controller must specifically inform the individual of how the personal data being collected will be used

  • Relevant data: the data controller must only collect data that is strictly necessary for the processing; this is the principle of minimizing collection

  • The retention period: personal data may be kept for the time the controller needs to achieve its purpose; beyond that, the data must be deleted

  • The rights of individuals: individuals may exercise their rights over the personal data held by the controller: access, rectification or deletion

---

How Blackbell's software helps towards GDPR compliance

Internal Processes & Documentation 

  • We’ve appointed a Data Protection Officer to oversee and advise on our data management. Get in touch through the messenger or by emailing compliance@blackbell.com

  • Training. All of the above is supported by extensive training efforts within the company so that the GDPR-compliant processes we’ve put in place are followed. Sessions on data privacy and security are an integral part of our onboarding process, and each department receives training that is tailored to its work involving personal data.

New & Improved Features

The pillar of our compliance is the evolution of our software product: improving our product to make it compliant is our priority.

  • Explicit consent 

From now on, we'll be asking your customers & visitors for explicit consent (rather than tacit consent), at signup, for the processing of their personal data.

ℹ️  This feature will become available on May 25th, 2018

  • Your Privacy Policy

As the data controller, you have the responsibility for the protection of the personal data of your visitors and customers. 

We are letting you display your privacy policy on your Blackbell site or link to it when a visitor signs up.


⚠️ Why it is important

Transparency and communication with your site visitors and customers are key elements of the GDPR. As part of the new regulation, you must let your site visitors know how you collect, store, and use their data, in a clear and transparent way. 

A privacy policy is a statement that discloses the ways in which your website gathers, uses, discloses, and manages your site visitors' data. Blackbell cannot provide you with legal advice on how to write a privacy policy, however, we do recommend that you maintain a clear and comprehensive privacy policy for your website / app, in accordance with the GDPR and local privacy regulations. 

As a site owner, it is your responsibility to inform your visitors / customers how your Blackbell site processes their data.

Make sure your third-party apps are GDPR compliant too.

As part of the GDPR, you are responsible for any third-party apps or services implemented on your site. These services can include data analytics tools (e.g. Google Analytics, the Facebook pixel, etc.). While reviewing your Blackbell site for GDPR compliance, make sure that these apps and services are also GDPR compliant. If you're not sure, contact them directly with your questions or concerns.

  • Cookie Consent

We will add a cookie notice to our website and our back office in order to comply with the E-Privacy Directive. We do not collect any personal information with our cookies, but we do want to acknowledge the use of cookie technology on our website.

We are also letting you add a cookie consent box on your Blackbell site to inform your visitors that your site uses cookies (via Blackbell and other tracking tools you may add: Analytics, Facebook Pixels...). It's important to include information on how your site uses cookies and other tracking technologies you may have added.

To add a cookie consent box, you can use our JS Snippet tool under Settings > Utilities > Custom JS.

  • NEW RIGHT: Deletion of personal data

Your customers now have the right to request that we delete all of their personal data. To help you comply with the GDPR legislation, we’ve updated our deletion features.

1 - Customers who wish to inquire about the right to be forgotten are able to reach out to us (Blackbell) at any time. Information on how to reach out to us will be included in our updated Privacy Policy. 

2 - We will include a link in your Blackbell back-office interface to allow you to request the deletion of one of your customers' personal data.

---

  • NEW RIGHT: Access / Portability

A customer can request access to a copy of his personal data that we have collected. 

1 - Customers who wish to request portability can reach out to us (Blackbell) at any time. Information on how to reach out to us will be included in our updated Privacy Policy. 

2 - We will include a link in your Blackbell back-office interface to allow you to request a copy of the customer data your site might have collected.

---

  • NEW RIGHT: Personal data correction

A customer may ask to change his information that is stored with Blackbell. 

1 - Customers who wish to make a modification can reach out to us at any time. Information on how to reach out to us will be included in our updated Privacy Policy. 

2 - We will include a link in your Blackbell back-office interface to allow you to request a correction of one of your customers' personal data.

---

  • Retention period

One of the GDPR's key principles: retaining personal data no longer than is necessary for the purpose you obtained it for.

The Act does not set out any specific minimum or maximum periods for retaining personal data. Instead, it says that:
"Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes."

Our decision on that matter: the retention period of your customers' data will by default be set to 2 years (in accordance with the recommendations of the 2002 CNIL), from the moment the customer has become inactive.
This means that if a customer has not logged in for 2 years, their data will be removed from your database, but the reports will remain; in other words, the data will be anonymized.

You may, on request, decide to set a longer retention period.  

---

Questions

Feel free to reach out to us in the Messenger if you have any questions about GDPR - we’d be happy to chat to you about it.
Alternatively, reach us via email: compliance@blackbell.com

Blackbell is strongly convinced that meeting GDPR requirements is much more than just checking off boxes in a list. For us, the GDPR is truly a lifestyle of respect for individuals’ privacy and responsibility in handling personal data.
