Back

GDPR : Frequently Asked Questions

on 

The GDPR (General Data Protection Regulation) is a European parliament directive to oversee the collection and processing of people's personal data. This directive applies to all entities that interact with people located in the EEA (European Economic Area). 

Who has to be in compliance with the GDPR?

If you have an application and at least one of your users resides in the EEA, the GDPR concerns you. 

Therefore:
  • GoodBarber clients (including users in trial periods) are required to comply with the GDPR.
  • Clients of GoodBarber resellers are required to comply with the GDPR. 
  • GoodBarber is required to comply with the GDPR.

Who is the Data Controller? Who is the Data Processor?

The GDPR defines the GoodBarber client as the "Data controller" of collected data. You are therefore required to comply with the GDPR and are subject to sanctions if not. 

The Data Controller is required to assure that the collection and processing of personal data is in compliance with the GDPR. 

The GDPR defines GoodBarber as one of your Data Processors for the processing of your data. GoodBarber is the technology provider that processes the collected data on your behalf.

As the Data Processor, GoodBarber has implemented the procedures and documentation necessary to be in compliance with the GDPR. Make sure to download and sign the Data Processing Agreement (DPA) . The DPA is an appendix to GoodBarber's general terms of service. It allows you to certify that GoodBarber processes data in compliance with the GDPR. 

In which cases is my app's data collection in compliance with the GDPR?

- If the person consented to the processing of his or her personal data, you're in compliance.
For example, if the person agrees to receive push notifications, he or she agrees that the data needed to identify him or her can be used for sending push notifications. 

- If processing is necessary for the service requested by the person, you're in compliance.
For example, if it's necessary to log in in order to access private parts of your app, the access process is carried out voluntarily by the person, who, after having read and accepted the terms of service of your application, agrees for the data provided to sign up to be used for signing into your app.

- If the collected data is anonymous, meaning that if the data doesn't allow someone to be identified, it is not necessary to obtain consent for the data processing and you're in compliance. 
For example, to calculate app usage statistics, GoodBarber uses a random token that doesn't allow any user in particular to be identified. (Please note, this is true for statistics provided by GoodBarber, not for those provided by third party tools). 
It is important to explain to your users what kind of data you're collecting, the reason you're collecting it, and how they can contact you concerning their rights. 

By publishing your app's general terms of service, your privacy policy and your policy regarding how cookies are handled, you'll be sure to correctly inform your users. 

Does my app collect personal data?

This isn't a yes or no question, as it depends on the way you've set up your application. Keep in mind that:

1) Anything that is just a simple page display not requiring prior authentication does not use personal data collection to work. 

2) Add-ons that rely on the Authentication add-on require personal data to work, which makes sense—in order to sign a user into an app you have to know who it is. GoodBarber allows you to display this legal notice when a user account is created. 

3) To receive a push notification or display information based on the user's position, consent is obtained by a pop-up displayed in the app. The user has the option to withdraw his or her consent later on through the operating system of his or her device. 

4) Form sections and plugins give you complete creation freedom (and possibly involve collecting information). If you application collects your users' personal data, it is important that you obtain their consent in order to do so. 

5) You have the option to use third party tools in your app (Google Analytics for example). If you have set up these tools to collect personal information via your application, it is important that you obtain user content in order to do so. 

What is the DPO?

The DPO (Data Protection Officer) is the person in your organization in charge of asserting your app users' rights in terms of personal data processing.
Don't forget to include this person's contact information in your back office (Settings > App Options > General Settings > Data privacy). This will allow us to put the DPO in contact with anyone who has a question regarding your app's personal data processing.  

Is GoodBarber in compliance with the GDPR?

Yes, GoodBarber is in compliance with the GDPR, on 2 levels:

1) In its commercial relationship with its clients
In its commercial relationship with its clients, GoodBarber is in compliance with the GDPR with respect to the rules that apply to the Data Controller.
Compliance with the GDPR is detailed in our General Terms of Service and in the associated appendixes: privacy policy, cookie policy. 

2) In its role as a Data Processor for its clients
GoodBarber is also in compliance with the GDPR as Data Processor in processing data collected by its clients. The GDPR compliance is detailed in the Data Processing Agreement (DPA) , which is an appendix to the general terms of service.