Kickbooster is committed to protecting you, your data and your experience on the platform. We therefore wanted to share with you how we're handling the new regulation passed by the EU: the GDPR


First off, what is the GDPR?

The General Data Protection Regulation, known as GDPR, is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). This new regulation takes effect on May 25, 2018

The three main principles discussed in this new regulation are transparency, control and accountability of storing and processing a customer’s data.


How does GDPR affect Kickbooster?

The GDPR holds a company accountable for how it controls and/or processes personal data. In the instance where Kickbooster is collecting information regarding Campaign Admins and Affiliates (i.e. Boosters), such as when they register an account with Kickbooster, we are considered the Data Controller. What this means is that we decide why and how we handle the personal data we collect.

In other instances, such as when we are sent data by Campaign Admins regarding customers (i.e. backers), Kickbooster is considered the Data Processor. In this instance, we are merely processing the personal data for the Campaign Admin.


What has Kickbooster done to comply with GDPR?

As a Data Controller

As a Data Controller, Kickbooster stores our users' data such as name, email, and billing address. This data is strictly used to provide services and communicate updates related to our platform. The data is stored within our cloud hosting infrastructure. 

We have defined data request and removal processes to ensure that you have control over your data. 


As a Data Processor

As a Data Processor, we handle customer information on behalf of Kickbooster's Campaign Admins. This can consist of names and email addresses. 

  • We've updated our privacy policy to give users a more detailed look into how we handle data. 

  • Data Controllers (Campaign Admins) may act on Personal Data within Kickbooster by contacting our support staff. 

  • Kickbooster automatically anonymizes Data Controllers' customer information upon 30 days after the relevant Affiliate Fees invoice has been cleared. 

  • Campaign Admins can find our Data Processing Addendum (DPA) here which can be signed and returned to privacy@kickbooster.me and stored in their own records. 

In General

  • We've updated our Privacy Policy to address key principles of the GDPR including an overview of the data we collect, insight into how we handle and store that data, and detailed information around the control individuals have over their own data. 

  • We've completed an audit of our physical, technical, and administrative security to make sure that we can continue to be confident that personal information is kept safe. We've made adjustments and taken reasonable measures to minimize the risk to personal data.

  • Internally, we've reviewed processes to make sure that we are handling personal information (when it is provided to us by our customers) in a way that meets the high standards set by the GDPR.

  • One of our biggest undertakings has been to work with every single vendor or sub-processor used by our team that could potentially come into contact with personally identifiable data. This includes server hosts, live chat software, and everyone in between. We're making sure that they are meeting requirements as set out by the GDPR, and where they aren't able to do this, we're finding alternatives or discontinuing these relationships altogether. We've also signed Data Processing Agreements (or Addendums, where appropriate) to ensure that the transfer of this data to countries without adequate privacy laws (as determined by the European Commission) is done safely.


How can I access, erase, restrict, or rectify data within Kickbooster?

Boosters

Once all pending commissions have been paid to you, you have the ability to delete your data from within your account settings. Otherwise, please contact team@kickbooster.me for assistance. 

Campaign Admins

Once the campaign is over and there are no pending invoices requiring payment, Campaign Admins can email team@kickbooster.me to have their account deleted. 

Anyone Else

Please contact privacy@kickbooster.me to access, erase, or rectify your data.


Kickbooster's Data Processing Addendum

As mentioned above, Campaign Admins can find the data processing addendum here. The DPA certifies that Kickbooster, along with our contracted processors, are all GDPR compliant.


Do I have to sign the DPA?

All businesses are responsible to do their own GDPR requirements. Once signed, customers can provide the DPA to auditors to show that they use Kickbooster and that data is being processed in a way that meets their GDPR compliance obligation. Choosing to not sign the Data Processing Addendum and save it in your records is done at your own risk

Please send the signed addendum or any questions relating to the addendum to privacy@kickbooster.me


Related: How do I delete my account?

Did this answer your question?