This support article is intended as help and a guideline. It should not be equated with legal advice.
Fastbase LeadScoring is a data processor
As Fastbase LeadScoring is driven by data collection, it is important to comply with the law and regulations.
A data processor agreement with us is required. You will find it in our general terms and conditions.
If your company collects, uses, or processes data on EU citizens, you must comply with GDPR. GDPR sets requirements for how your company should collect and handle personal data.
Personal data is defined as data that can be related to a specific person – here no distinction is made between private and public persons.
In the system, you are welcome to store and process personal data. Personal data covers a broad spectrum and the rule of thumb is, if the data relates to a person, then it is personal data. For example:
- Address information
- Contact info
- CRM information
- Order history
- Website visit history
- IT information such as location, IP address, cookies
In the system, you must not store SENSITIVE information, e.g.:
- Bank details
- Payment card information
- CPR, Passport, and driving license number
- Political beliefs
- Health information
- Sexual relationships
- Racial or ethnic background
The various consents
Compliance with the GDPR requires that you clearly show your users what data you are storing and what consents have been given:
- Cookies – consent
- Personal data – consent
- Marketing – consent
GDPR contains several rules regarding information about and consent to cookies which are stored on your computer.
The cookie rules must be observed both on websites and mobile sites.
Users must have the option to refuse consent or revoke an already given consent. In this connection, a clear, precise, and easy-to-understand guide must be provided on how users can consent and revoke consent.
Cookie consent is handled on the website, not by the system.
The owner of the website is responsible for complying with cookie consent.
No personal information is stored in the cookie, only an identification of the computer. The cookie does not identify you as a person, only the computer. The cookie is used to collect digital information about the visit to the website. We use this information to personalize and target messages on the website, online advertising, newsletters, and personal dialogue with the company.
__ lsv – Created at each visit, deleted after 5 minutes. Used to separate visitors.
__ lsk – Can be created by interacting with the company’s website. Deleted automatically after 1 year. The period is extended at each return visit. Contains an ID to identify the computer accessing the website.
__ lsm – Can be created by interacting with the company website. Deleted automatically after 6 months. The period is extended at each return visit. Contains information to personalize the website based on previous visits and saved information.
2. Data processing consent
If processing is based on consent, you must be able to document that the private individual has given consent to the processing of his or her data.
This can be done, for example, by ticking a box when visiting a website, or by another statement or action that indicates the private individual’s acceptance of the proposed processing of his or her data. Silence, pre-checked fields, or inactivity therefore do not constitute consent. Consent should cover all processing activities performed for the same purpose or purposes. When processing serves several purposes, consent should be given individually for all of them.
Requests for consent must be made in an easy-to-understand and easily accessible form.
The private individual may withdraw his or her consent at any time. It must be as easy to withdraw consent as to give it. Withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal.
Consent must be freely given. This means that the conclusion of an agreement must not be made conditional on the private individual agreeing to the processing of any personal data that is over and above that required for fulfilling the agreement.
Example of design of consent
“By placing an order, I give consent for [company name] to process my data to fulfil the agreement with [company name] and for the administration of my profile on the company’s website.”
Data processing consent is handled on the website, not by the system.
The owner of the website is responsible for complying with data processing consent.
3. Marketing consent
Any sending of marketing through channels such as newsletters, promotional emails or otherwise will in principle require the consent of the recipient.
Examples of design of consent
“Yes please, I would like to receive offers via email from [company name] for [products] [services].”
There must be a field here that the customer can tick.
Marketing consent is handled on the website, not by the system.
The owner of the website is responsible for complying with marketing consent.