GDPR : Frequently Asked Questions
Written by Jerome Granados on Tuesday, May 22nd 2018
Who has to be in compliance with the GDPR?
- GoodBarber clients (including users in trial periods) are required to comply with the GDPR.
- Clients of GoodBarber resellers are required to comply with the GDPR.
- GoodBarber is required to comply with the GDPR.
Who is the Data Controller? Who is the Data Processor?
The Data Controller is required to assure that the collection and processing of personal data is in compliance with the GDPR.
The GDPR defines GoodBarber as one of your Data Processors for the processing of your data. GoodBarber is the technology provider that processes the collected data on your behalf.
As the Data Processor, GoodBarber has implemented the procedures and documentation necessary to be in compliance with the GDPR. Make sure to download and sign the Data Processing Agreement (DPA). The DPA is an appendix to GoodBarber's general terms of service. It allows you to certify that GoodBarber processes data in compliance with the GDPR.
In which cases is my app's data collection in compliance with the GDPR?
For example, if the person agrees to receive push notifications, he or she agrees that the data needed to identify him or her can be used for sending push notifications.
- If processing is necessary for the service requested by the person, you're in compliance.
For example, if it's necessary to log in in order to access private parts of your app, the access process is carried out voluntarily by the person, who, after having read and accepted the terms of service of your application, agrees for the data provided to sign up to be used for signing into your app.
- If the collected data is anonymous, meaning that if the data doesn't allow someone to be identified, it is not necessary to obtain consent for the data processing and you're in compliance.
For example, to calculate app usage statistics, GoodBarber uses a random token that doesn't allow any user in particular to be identified. (Please note, this is true for statistics provided by GoodBarber, not for those provided by third party tools).
Do I have to display legal notices in my app?
Does my app collect personal data?
1) Anything that is just a simple page display not requiring prior authentication does not use personal data collection to work.
2) Add-ons that rely on the Authentication add-on require personal data to work, which makes sense—in order to sign a user into an app you have to know who it is. GoodBarber allows you to display this legal notice when a user account is created.
3) To receive a push notification or display information based on the user's position, consent is obtained by a pop-up displayed in the app. The user has the option to withdraw his or her consent later on through the operating system of his or her device.
4) Form sections and plugins give you complete creation freedom (and possibly involve collecting information). If you application collects your users' personal data, it is important that you obtain their consent in order to do so.
5) You have the option to use third party tools in your app (Google Analytics for example). If you have set up these tools to collect personal information via your application, it is important that you obtain user content in order to do so.
What is the DPO?
Don't forget to include this person's contact information in your back office (Settings > App Options > General Settings > Data privacy). This will allow us to put the DPO in contact with anyone who has a question regarding your app's personal data processing.
Is GoodBarber in compliance with the GDPR?
1) In its commercial relationship with its clients
In its commercial relationship with its clients, GoodBarber is in compliance with the GDPR with respect to the rules that apply to the Data Controller.
2) In its role as a Data Processor for its clients
GoodBarber is also in compliance with the GDPR as Data Processor in processing data collected by its clients. The GDPR compliance is detailed in the Data Processing Agreement (DPA), which is an appendix to the general terms of service.