The General Data Protection Regulation (GDPR) is a set of regulations designed to empower European Union (EU) citizens by granting them control over their personal data. These regulations apply to EU citizens as well as businesses that handle the personal data of EU citizens.
1. How Our Add-Ons Facilitate GDPR Compliance?
As a valued customer, you act as the data controller, while we function as the data processor. It is your responsibility to ensure that the personal data you collect is processed lawfully. Similarly, as processors, we are committed to complying with the GDPR.
2. Data Collection
- Explicit Consent: GDPR mandates explicit consent from your email subscribers to receive communications from you. We recommend using a double opt-in process to align with GDPR requirements. For existing EU individuals on your marketing lists, consider reaching out via email to confirm their consent.
- Unsubscribe Link: In your marketing emails, include a visible unsubscribe link that allows subscribers to instantly opt-out from receiving future communications.
3. Data Storage and Processing
Your Data, Your Control: Your customer’s data remains securely stored within your Google account, whether it’s in Google Sheets, Docs, Gmail, Google Drive, or Google Forms. Our add-ons access this data directly to perform necessary actions without transferring personal data to our servers.
Email and File Security: We do not store email messages or the content of Google Drive files on our servers. Form submissions are also not retained. Optional campaign tracking data, such as recipient email addresses, unsubscribers, and bounced emails, are stored in our database solely for reporting purposes.
Server Location: User data is stored and processed in the United States (East) data centre of Google Cloud database (US-east).
Error Tracking: We use Google’s Stackdriver logging tool for error tracking and debugging. These logs contain stack traces and error messages but do not include any personally identifiable information (PII).
Payment Processing: For payment management, we utilize PayPal, Stripe, and Paddle. These processors only provide customer email addresses and, in the case of PayPal, shipping addresses for generating invoices. We do not have access to banking or credit card information.
4. Data Portability
No Third-Party Sharing: We do not transfer, sell, copy, or share your data processed by our Google Add-ons with third-party services or companies. We only retain data essential for our add-ons’ functionality.
Easy Data Export: You have the ability to download and export all your subscriber information in Google Sheets, making it easier for migration to other services.
5. Data Erasure (Right to be Forgotten)
Deactivation Option: All our add-ons offer a deactivation option that permanently deletes user data from the database. You can also contact us to request data deletion, and we will comply with GDPR regulations by permanently erasing your data.
Addon Access Control: If you uninstall a Google Addon or revoke its access from your Google Account, the addon will no longer have access to your data and will cease functioning immediately.
6. Your Key to GDPR Compliance
Our Google Addons leverage your Gmail account to send emails and enable you to input customer profile data through Google Sheets and Google Forms. It’s important to note that while our tools facilitate GDPR compliance, your sending practices play a crucial role in adhering to GDPR regulations.