Data protection preparation / configuration options

 

If your program handles personal data of any person located in the European Union, the EU General Data Protection Regulation (GDPR) requires your organisation to comply with the regulation, regardless of where in the world your organisation is located. You are well advised to familiarise yourself with the regulation— there are many helpful, plain-language guides online. The full text of the regulation is available in a neatly arranged website here.

Complying with GDPR may not be relevant for you— in any case, we still encourage best-practice protection of personal data wherever you are. There are likely to be other data protection laws that do apply to your organisation. This article highlights Award Force features to help you comply.

Important: This article is not legal advice, nor an exhaustive guide to GDPR compliance. If data protection regulations are applicable to your program you should familiarise yourself with the regulations and seek legal advice where necessary, particularly if your program is collecting personal data.
Data protection preparation checklist

Review the configuration of the following features available in Award Force to help you with data protection compliance. Summary of steps, with further detail below:

  1. Agreement to privacy policy, activation
  2. Consent to receive notifications and broadcasts, activation
  3. Subscription preferences, familiarisation
  4. Cookie notice and consent, activation
  5. Fields containing personal data, review and activation
  6. User permanent deletion, familiarisation
  7. Sign a Data Protection Addendum with Award Force
Agreement to privacy policy

To obtain explicit agreement from users to our standard (GDPR compliant) privacy policy, cookie policy and terms of service, activate this feature as follows:

  1. Go to Settings > General
  2. Tick the checkbox Display checkbox requiring agreement to terms

    consent.png

  3. You may also choose to Modify default text, and/or linked policies
  4. Click Save

With this feature activated:

  • New users will be required to tick a box when registering, that they agree to the terms
  • Existing users, when they next log in, will be asked to agree to the terms
  • Users' agreement is recorded with the text they agreed to, timestamped, on their user record
Consent to receive notifications and broadcasts

To obtain explicit consent from users to receive automatic / bulk communications, activate this feature as follows:

  1. Go to Settings > General
  2. Tick the checkbox Display checkbox for optional consent to receive notifications and broadcasts

    consent2.png

  3. You may also choose to Modify default text
  4. Click Save

With this feature activated:

  • New users can optionally tick a box when registering, that they consent
  • Existing users, when they next log in, will be asked to consent
  • Users' consent is recorded with the text they agreed to, timestamped, on their user record
Subscription preferences

All broadcasts and notifications sent from Award Force include a link in the email footer to "Unsubscribe from our emails". This link takes the recipient to a preference centre on their account. You can see what this looks like and the options as follows:

  1. Log in to your account, click on your name at top right, then Profile
  2. Go to the Preferences tab

There is an article linked from that tab, that explains for users the importance of your broadcasts and notifications. You can see that article here.

Cookie notice and consent

To obtain explicit consent from users to the use of cookies, activate this feature as follows:

  1. Go to Settings > General
  2. Tick the checkbox Request explicit consent to cookies from users

    cookies.png

  3. Click Save
  4. You may also choose to modify the default consent text by going to Content > Content blocks and clicking on Cookie notice to edit

With this feature activated:

  • Users that have not made a consent selection will be shown a "Cookies in use" message at the top of the page, with option to Allow cookies
  • Users' consent is recorded with the text they agreed to, timestamped, on their user record
  • Users can change the cookie consent option at any time by going to the Preferences tab on their Profile
Fields containing personal data

You should review all fields configured on your program for whether they are collecting and storing personal data. On field configuration there is a Data protection option that you can set to one of:

  • Standard
  • Elevated (personal data)
  • Maximum (sensitive personal data)

There is more detail about data protection on fields here.

User permanent deletion

Under GDPR and other data protection laws, data subjects (your users) have the right to erasure, also known as the ‘right to be forgotten’. A user has the legal right to ask you for their personal data to be permanently deleted from your records, which you must action. Users are not able to action this permanent deletion themselves, but you can permanently delete a user from Award Force on their behalf.

Find more details about permanent deletion of users here.

Sign a Data Protection Addendum with Award Force

To comply with GDPR, you will need to have a Data Protection Addendum in place with us. With respect to the handling of personal data in your account— under GDPR, your organisation is the data controller and Award Force is the data processor. Article 28 requires a contract that binds the processor (that’s Award Force) to apply appropriate data protection measures when processing data on behalf of the controller (that’s you).

You may require us to sign your own Data Protection Addendum document. Or, for your convenience we have a Data Protection Addendum prepared. Please email dataprotection@awardforce.com to arrange signing of an addendum.