Data protection preparation / configuration options

If your program handles personal data of any person located in the European Union, the EU General Data Protection Regulation (GDPR) requires your organisation to comply with the regulation, regardless of where in the world your organisation is located. You are well advised to familiarise yourself with the regulation— there are many helpful, plain-language guides online. The full text of the regulation is available on a neatly arranged website here.

Complying with GDPR may not be relevant for you— in any case, we still encourage best-practice protection of personal data wherever you are. There are likely to be other data protection laws that do apply to your organisation. This article highlights Award Force features to help you comply.

Important: this article is not legal advice, nor an exhaustive guide to GDPR compliance. If data protection regulations are applicable to your program you should familiarise yourself with the regulations and seek legal advice where necessary, particularly if your program collects personal data.

Data protection preparation checklist

Review the configuration of the following features available in Award Force to help you with data protection compliance. Summary of steps, with further detail below:

Agreement to privacy policy

To obtain explicit agreement from users to our standard (GDPR compliant) privacy policy, cookie policy and terms of service, activate this feature as follows:

  1. In the Manage workspace, go to Settings > Users > Registration
  2. Tick the checkbox Display checkbox requiring agreement to terms
  3. You may also choose to Modify default text, and/or linked policies--please see more details regarding updating the Privacy Policy here
  4. Click Save

With this feature activated:

  • New users will be required to tick a box when registering, that they agree to the terms
  • Existing users, when they next log in, will be asked to agree to the terms
  • Users' agreement is recorded with the text they agreed to, timestamped, on their user record

Consent to receive notifications and broadcasts

To obtain explicit consent from users to receive notifications/broadcasts, activate this feature as follows:

  1. In the Manage workspace, go to Settings > Users > Registration
  2. Tick the checkbox Display checkbox for optional consent to receive notifications and broadcasts
  3. You may also choose to Modify default text
  4. Click Save

With this feature activated:

  • New users can optionally tick a box when registering, that they consent
  • Existing users, when they next log in, will be asked to consent
  • Users' consent is recorded with the text they agreed to, timestamped, on their user record

RelatedPrivacy policy and terms of service

Subscription preferences

All broadcasts and notifications sent from Award Force include a link in the email footer to "Unsubscribe from our emails". This link takes the recipient to a preference centre on their account. You can see what this looks like and the options as follows:

  1. Log in to your account, click on your name at top right, then Profile
  2. Go to the Preferences tab

There is an article linked from that tab, that explains for users the importance of your broadcasts and notifications. You can see that article here.

Cookie notice and consent

To obtain explicit consent from users to the use of cookies, activate this feature as follows:

  1. In the Manage workspace, go to Settings > Users > Registration
  2. Under the 'Cookies' heading, select the Request explicit consent to cookies from users checkbox
    Request explicit consent to cookies from users checkbox under Cookies
  3. Click Save
  4. You may also choose to modify the default consent text by going to Content > Content blocks in the Manage workspace and clicking on Cookie notice to edit

With this feature activated:

  • Users that have not made a consent selection will be shown a "Cookies in use" message at the top of the page, with option to Allow cookies
  • Users' consent is recorded with the text they agreed to, timestamped, on their user record
  • Users can change the cookie consent option at any time by going to the Preferences tab on their Profile

Related: What does the 'Cookies in use' banner mean?

Fields containing personal data

You should review all fields configured on your program for whether they are collecting and storing personal data. On field configuration there is a Data protection option that you can set to one of:

  • Standard
  • Elevated (personal data)
  • Maximum (sensitive personal data)

There is more detail about data protection on fields here.

User permanent deletion

Under GDPR and other data protection laws, data subjects (your users) have the right to erasure, also known as the ‘right to be forgotten’. A user has the legal right to ask you for their personal data to be permanently deleted from your records, which you must action. Users are not able to action this permanent deletion themselves, but you can permanently delete a user from Award Force on their behalf.

Find more details about the permanent deletion of users here.

Data Protection Addendum with Award Force

To comply with GDPR, you need to have a Data Protection Addendum (DPA) in place with us. With respect to the handling of personal data in your account— under GDPR, your organisation is the data controller, and Award Force is the data processor. Article 28 requires a contract that binds the processor (that’s Award Force) to apply appropriate data protection measures when processing data on behalf of the controller (that’s you). 

Please note the DPA is incorporated into our standard agreement Ref: Standard agreement, clause 1.8, the DPA, which means it is already in place and signing a separate document is not necessary.

Was this article helpful?
4 out of 5 found this helpful

Articles in this section