Specific actions to assist Spark Chart customers meet the GDPR requirements
Here are some actions and advices to help Spark Chart customers with their GDPR compliance requirements.
Right to be forgotten
Customers may delete individual Respondents upon their request at any time. In addition, individual Respondents may contact Spark Chart directly to request deletion of their data from individual Spark Chart user’s accounts or across multiple Spark Chart users’ accounts (to the extent the Respondent is on more than one Spark Chart users’ list). It is important to remember that Spark Chart projects work independently, and deleting a Respondent from one project does not ensure that same email address will also be deleted from other lists.
Right to rectification
Customers may access and update or edit Respondent/Contact lists within your Spark Chart account at any time upon request. In addition, any data subject (including your Respondents and Contacts) may Contact Spark Chart directly to access, correct, and/or delete information that Spark Chart may hold about the data subject. Unless it is prohibited by law, we will remove any Personal Information about an individual, either our customer or a Respondent, at our customer’s or the Respondent’s request. There is no charge for an individual to access or update their Personal Information.
Right of access
Right of portability
Customers may export their project data at any time by accessing your Spark Chart account.
Consent and processing requirements
Customers must lawfully obtain and process email addresses and other personal data from their Respondents and Contacts.
The personal data of our customer’s Respondents and Contacts may be collected and transferred to Spark Chart via forms and processes made available in our application and projects designed by our customers. These projects and mail templates are important Spark Chart tools customers can use to ensure GDPR compliance. They are easy to use and you can begin designing them to meet specific GDPR compliance needs now.
Customers should carefully design each project and mail template to make sure that language in the body and/or footer is clear, specific, and covers all possible reasons for using the information being solicited. Customers should ensure they are very specific about the intended use of the information they are collecting.
While the information customers collect via these projects is being transferred to Spark Chart, it is the customer’s responsibility to ensure that they obtain consent from their customers and contacts to send their information to Spark Chart for processing, so they should ensure that all your forms, processes and systems, etc. include language that provides this consent.
Customer survey Respondents and contacts should have easy access to withdraw consent or change their preferences.
If using an autoresponder system to deploy surveys and capture respondent personal data, an “unsubscribe” option should be automatically included in the footer of every campaign. This allows campaign recipient to easily unsubscribe from customer lists, thereby helping customers comply with their GDPR obligations.
Customers also have the option to include a “policies” link and other links in the footer of any survey project, which will give their survey Respondents information and knowledge about how their data will be used and how they may access and update their profile details.
When requested to do so by a Respondent or contact, customers need to ensure that they update information stored within the customer’s Spark Chart account.
Customers should ensure that they maintain accurate records, especially of their Respondents and contacts’ consent permitting them to send them marketing emails and store and use their personal data.
Consent that customers obtain from Respondents and contacts must comply with the GDPR requirements, irrespective of when that consent was obtained. However, Recital 171 of the GDPR indicates that customers may be able to rely on any existing consent if it meets the GDPR standards for consent. This means that it is not necessary to re-request consent from your Respondents or Contacts provided you met the GDPR requirements when consent was initially obtained. Customers should seek legal advice to determine if consents obtained prior to the GDPR comply.
Customers should review any Spark Chart integrations or add-ons, and the associated terms, to ensure that they adequately disclose data processing activities to Respondents and Contacts.
Customers should review the privacy statement and practices applicable to their organization and ensure they provide proper notice that the personal data of survey Respondents or Contacts will be transferred to Spark Chart and processed by Spark Chart.