GDPR COMPLIANCE

+441412126354

GDPR COMPLIANCE

This document should be treated as an attachment to The Munro Agency Cookie Policy and Privacy Policy.

GDPR (General Data Protection Regulation) applies from May 25, 2018. The Munro Agency is committed to having had introduced all appropriate and necessary changes in the app, on the website, and on the blog by that time. Here’s what The Munro Agency will do to comply with the regulation, and what The Munro Agency users need to know about GDPR.

What is The Munro Agency doing to comply with GDPR?

The Munro Agency sets out to meet all the GDPR requirements that relate to protecting the privacy concerns of our app users, website and blog visitors, as well as email lists subscribers.

Here’s what we are going to do before the regulation becomes binding:

familiarise ourselves with the full text of the regulation (COMPLETED)
attended training sessions (COMPLETED)
nominate Data Protection Specialist (COMPLETED)
track data flow at The Munro Agency to make sure we can identify where the data is stored in The Munro Agency (COMPLETED)
assess the threats of the data breach or any other incident at our company (COMPLETED)
make necessary changes to our Privacy Policy, Cookie Policy and Terms of Service documents (COMPLETED)
make a list of all the business areas that need to be taken care of to comply with the regulation (COMPLETED)
implement necessary changes in our business to make sure all staff comply with GDPR when sending emails from The Munro Agency (COMPLETED)
make a list of all the areas on the website and blog that need to be taken care of to comply with the regulation (COMPLETED)
implement necessary changes to the website and blog to make sure they abide by all the GDPR rules (COMPLETED)
make sure the personal data of The Munro Agency users and email lists subscribers are protected (COMPLETED)
educate the users about GDPR in relation to email outreach (COMPLETED)
prepare a GDPR compliance statement (COMPLETED)
come up with the ways of responding to a data breach (COMPLETED)
ensure we provide customers with a secure system for data transfer (COMPLETED)

What kind of a role does The Munro Agency have in data protection?

The Munro Agency is defined as:

1) data administrator in relation to The Munro Agency users and email lists subscribers;

2) data processor and data sub-processor in relation to the data owners whose personal data is uploaded to third party systems offered by The Munro Agency and used in emails sent from third party systems and by its users.

It means that as a company, we oversee a couple of matters:

The Munro Agency needs to inform its users and email lists subscribers whenever a third party takes part in processing their personal data.
The Munro Agency is obliged to immediately inform the data administrator (the user) in case a person from the user’s prospect list contacts The Munro Agency to stop the marketing
The Munro Agency openly informs about the ‘right to be forgotten’ and the ‘right to assist in data deletion’ on a special request. As The Munro Agency user or email list subscriber, you may request your personal data change or deletion. The detailed instruction on how to exercise those rights can be found below in the sectionAdequacy, relevance, limitedness of the GDPR Compliance.
The Munro Agency will address any violation of GDPR submitted at support[at]The Munro Agency.

Due Diligence:

The Munro Agency undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or process Service Data. please find a list of all suppliers we have checked in our GDPR Supplier Check.

What is GDPR?

The General Data Protection Act (GDPR) is being introduced by the European Union to regulate how personal data can be processed. It’s intended to reinforce data protection of the people who live in the EU.

Why is there a need for GDPR?

EU data protection rules haven’t been updated for over two decades. There are at least two reasons why the EU legislative branch decided to improve the existing data protection regulations.

Technological progress has a global reach – personal data processing is so ubiquitous in today’s online sphere that existing regulations were becoming obsolete;
Answering the need of EU citizens – according to Eurobarometer, 75% of people that have been asked in the 2011 survey want to exercise their so-called right to be forgotten. 90%, however, believes that it’s necessary to standardise the rights concerning personal data protection (source).

What kind of information falls under its protection?

GDPR is supposed to protect natural persons and their rights. It does not protect businesses, entities or organisations, and processing of their data.

It protects processing personal data, such as name, age, address, phone number, but also indirect identifications that influence their identity including physiological, mental, physical, genetic, economic, cultural and social identity. Basically, any information based on which one can identify the individual.

What does ‘processing’ mean?

‘Processing’ relates to personal data “collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,” as in Article 4 (2) of the regulation.

What is the lawful basis for data processing?

To safely and legally process personal data in the light of GDPR, you should abide by several principles. Those are lawfulness, fairness, transparency, adequacy, relevance, limitedness, accuracy, storage limitation, integrity, and confidentiality.

Below you will read about how The Munro Agency abides by those principles and what actions you should, or shouldn’t, take to use The Munro Agency in accordance with GDPR.

Lawfulness, fairness, and transparency

As a data processor, The Munro Agency remains transparent and legitimate when processing data of its users and subscribers. All The Munro Agency users and subscribers get notified upon the signup process that the personal data they provide will be processed in ways specified by Terms of Service and Privacy Policy.

As data administrator, you should make sure your actions are transparent and the purpose of processing data is legitimate. It means you should be always able to prove that you had legitimate reasons to process personal data of EU citizens. You also need to be able to describe the whole process of obtaining the personal data you use.

Adequacy, relevance, limitedness

As a data processor, The Munro Agency processes only the data necessary in relation to the purposes for which it is processed. We do not collect or process any sensitive data such as gender, race, ethnic background, political views, etc.

The Munro Agency processes its users’ data as long as they have a The Munro Agency account (either trial account or a premium account), or until they express their wish for their personal data to be removed from our user base.

Munro Agency users can also request deletion of their data by contacting the support team at support[at]munro.agency

How we apply GDPR to cold email campaigns

If, at The Munro Agency, we decide to contact an EU citizen, who has not been a Munro Agency user or email list subscriber, we will do so only if we have a clear reason to claim that this is a contact relevant to our business purposes, and that at the same time, this contact could be beneficial to the contacted person.

If a person asks us to stop contacting them, The Munro Agency we will always respect that request and stop further contact immediately.

As data administrator, you can process personal data of EU citizens who have granted you permission to process their data by subscribing to one of your mailing lists. GDPR does not forbid cold emailing though, as long as you follow the data processing rules described in the regulation.

If you decide to contact a person who has not subscribed for email correspondence, and has not been in any business relationship with you before (cold email), you should have a clear reason to claim that this will be a contact relevant to your business purposes, and that at the same time this contact could be beneficial to the contacted person. If you place an offer in your cold email, the offer should be logically connected to the specifics of your prospect’s business.

You are required to inform your cold email recipient that you’re processing their data and how you process it. The email should also contain a clear and easily available information about how your prospect can request change or removal of their personal data.

You are obliged to immediately stop contacting prospects who expressed their wish not to be contacted again. If a prospect of yours demands that their data gets removed from your contact lists, you are obliged to remove it (in accordance with the ‘right to be forgotten’.)

You should process only the personal data that are necessary in relation to the purposes for which you process it. That means you should remove from your contact base all the personal data that are irrelevant to your email campaign, or be able to justify why a specific type of data is necessary for the goal you are trying to accomplish.

Storage limitation

The Munro Agency will keep every user’s personal data no longer than it’s necessary for the purposes for which the personal data are processed. At the same time, each data owner can request an exact time limit of their data processing.

As data administrator, you need to make sure you don’t keep personal data of your prospects longer than it’s necessary for the purposes for which the personal data are processed.

In case of cold email campaigns, you shouldn’t process a non-responsive prospect’s data longer than it may be assumed to be necessary, namely one month after you tried to contact the person for the first time. That means you should always keep your prospect base updated.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.

Cookie	Duration	Description
na_id	1 year 24 days	This cookie is set by Addthis.com to enable sharing of links on social media platforms like Facebook and Twitter
ouid	1 year 24 days	The cookie is set by Addthis which enables the content of the website to be shared across different networking and social sharing websites.

Cookie	Duration	Description
sid	7 days	This cookie is very common and is used for session state management.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
_gat	1 minute	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Cookie	Duration	Description
B	1 year	This Cookie is used by Yahoo to provide ads, contents or analytics.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
koitk	10 years	This cookie is set by SharpSpring, a marketing automation platform. This is used for tracking visitors and form submissions.
pa_crosswise_ts	2 years	This cookie is set by Perfect Audience and is used for advertising purposes based on user behavioral data.
pa_google_ts	2 years	This cookie is set by Perfect Audience and is used for advertising purposes based on user behavioral data.
pa_openx_ts	2 years	This cookie is set by Perfect Audience and is used for advertising purposes based on user behavioral data.
pa_rubicon_ts	2 years	This cookie is set by Perfect Audience and is used for advertising purposes based on user behavioral data.
pa_twitter_ts	2 years	This cookie is set by Perfect Audience and is used for advertising purposes based on user behavioral data.
pa_uid	2 years	This cookie is set by prfct.co. This cookie is used across the websites that use same ad network to display ads to the other advertisers in the network.
pa_yahoo_ts	2 years	This cookie is set by Perfect Audience and is used for advertising purposes based on user behavioral data.
personalization_id	2 years	This cookie is set by twitter.com. It is used integrate the sharing features of this social media. It also stores information about how the user uses the website for tracking and targeting.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
uid	1 year 24 days	This cookie is used to measure the number and behavior of the visitors to the website anonymously. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. for the purpose of better understanding user preferences for targeted advertisments.
uuid2	3 months	This cookies is set by AppNexus. The cookies stores information that helps in distinguishing between devices and browsers. This information us used to select advertisements served by the platform and assess the performance of the advertisement and attribute payment for those advertisements.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
__ss	1 day	This cookie is set by SharpSpring, a marketing automation platform. This is used for tracking visitors and form submissions.
__ss_referrer	1 hour	This cookie is set by SharpSpring, a marketing automation platform. This is used for tracking visitors and form submissions.
__ss_tk	25 years	This cookie is set by SharpSpring, a marketing automation platform. This is used for tracking visitors and form submissions.