As of May 25th, 2018, the General Data Protection Regulation is in effect. The GDPR aims to give control of personal data back to the citizens while harmonizing the data protection regulations throughout the EU.At iPaper, we have been following the GDPR closely and have been making a number of changes to our product and processes. This is to ensure that we are fully compliant with the GDPR as well as ensuring that our customers can remain compliant with the GDPR while using iPaper as well.
This is the individual person for whom you may gather and store data.
This is the iPaper user who is ultimately responsible for controlling the data of the data subjects.
This is iPaper who processes the data of data subjects as asked by the data controller.
The GDPR forces all data controllers to document their processing of data and to ensure that any processors they use also live up to the GDPR. We have made a Data Processor Agreement (DPA) that documents what data we process as well as how we process it. To access our DPA, please sign in to your iPaper account. To the right hand side of the screen please click the 'Home' icon and select "Legal & Compliance" from the drop down menu. There you will find a link to the DPA.
If you are not already a customer and would like a copy of the DPA, feel free to write to firstname.lastname@example.org.
To ensure that the iPaper product is compliant with the GDPR and to give you the tools to ensure your own compliance with GDPR, we have implemented a number of product changes.
One of the main tenets of the GDPR is to increase transparency and ensure that the data subject consents to any use of personal information. While it is possible to add consent checkboxes to most iPaper forms, we are building it into the product directly, ensuring any stored consents are valid. Going forward, it will be possible to include a required consent option when designing Forms & Pop-ups in iPaper. When the data subject gives consent, we store that fact along with the actual text the data subject gave consent to enabling you to document the consent given at a later time.
iPaper has never been used or intended as a permanent storage location for personal data. Newsletter signups are forwarded to customers' marketing systems shortly after signing up. Shop orders are sent directly to customers' ERP systems or forwarded as emails to sales staff. Competition signups are exported to Excel on a weekly basis. As such, there is no reason for this data to stay in iPaper for longer than necessary.
To ensure no data is forgotten in iPaper, we will start automatically deleting any data that may contain personally identifiable information after a three-month period. This leaves ample time to export the data into the customer's own systems while still keeping a backup in iPaper for three months.
Aggregated data will not be deleted. All statistics, visitor analytics, heatmaps, conversion rates, etc. will thus be stored forever. None of this data can be pinpointed to any individual person and is thus not in the scope of GDPR. So what will be deleted?
Besides increasing the control on how data is stored and processed, the GDPR also ensures that data subjects own their own data. This gives the data subjects control over their own data, granting them the right to access their own data, to correct their own data, and to request their data to be deleted (e.g. forgotten).
You can export all data from your iPaper account and thus provide relevant data to the data subject.
The automatic deletion of data will ensure that no historical data is stored, leaving only the most recently submitted data in iPaper. If you need help in removing a specific data subjects data, reach out to email@example.com and we will help you out.
Most data submitted by data subjects cannot be edited directly. If you need help in correcting any of this data, please reach out to firstname.lastname@example.org and we will help you out.