What is GDPR?
General Data Protection Regulation (GDPR) is the European Union's (EU) legal framework for new data protection laws which comes in effect from May 25, 2018, The goal of these sweeping changes is to protect the data privacy and rights of the EU citizens, by setting guidelines for companies on how they can use and process personal data.
Does GDPR apply to my business?
It goes without saying that since GDPR is an EU framework, all business based in the EU will have to be GDPR compliant. But the framework is far reaching and affects businesses outside the EU as well. If you are collecting, recording, storing, using or processing the personal data from customers who are EU citizens, then you will need to be GDPR compliant.
We would highly recommend consulting with your legal counsel about the full scope of GDPR and how it affects your business.
How is PushOwl preparing for GDPR?
PushOwl is fully committed to being compliant with the latest regulations. We value the privacy & rights of our users and their customers. As part of our process for being GDPR compliant, we have reviewed and updated our internal systems and processes, database and documentation.
Here are the steps PushOwl has taken in order to be ready for GDPR:
- Updated our Data Processing Agreement (DPA) to meet the requirements of the GDPR. You can lawfully transfer personal data from the EU to PushOwl, and we can continually receive and process this data. (Available on request)
- Reviewed and updated our third-party vendor contracts to ensure they are GDPR ready. This will allow us to lawfully transfer EU personal data to those third parties and permit those third parties receive and process that data on our behalf.
- Implemented Shopify's mandatory webhooks concerning the redaction of your data, in line with the GDPR laws. Data will be redacted in accordance with Shopify's Policies.
- Trained our team so that they are aware about GDPR and the requirements of its laws. Moving forward, we will be developing our product and business strategy with the new laws in mind.
- Created new features and improved existing ones, giving you the ability to get consent with showing the browser prompt which is critical for getting subscribers.
- Created new features for giving you more control over what personal data they want to collect.
- The ability to export subscriber data has now been enabled across all plans. In order to do so, you will have to create an FCM account and add it to PushOwl.
Features to ensure GDPR compliance
According to GDPR, PushOwl is classified as a "Data Processor". In other words, PushOwl processes the data of the visitors who subscribe to your store for web push notifications, including both personal and non-personal data.
A new "Privacy" tab on the Settings page is dedicated to give you control over the data they want to collect and allow PushOwl to process on their behalf.
- IP Address - Gives you the choice of collecting anonymized IP address (with the last octet deleted) or not to collecting any IP addresses.
- Geo-location - Helps you geo-locate your subscribers. You can choose to disable this option, which will limit your ability to send personalized notifications based on location parameters.
- Notification Preferences - When your subscribers click on a notification. a widget will be displayed during their web session. This widget will allow subscribers to access their data, delete their data or unsubscribe (coming soon) from your store.
- Customer ID - PushOwl uses Shopify's customer ID data for revenue attribution. These are critical for the proper functioning of automated notifications (eg - abandoned cart reminders, shipping notifications, back in stock and price drop alerts).
- Usage Access - This is an an option which directly affects the ability of our support team to diagnose and fix issues you are facing. You can choose to disable this feature if you don't need support access and critical updates regarding your store.
Note: This document is not meant to be interpreted as legal advice. Please get professional guidance from your legal counsel on how GDPR impacts your business and what is required for you to be compliant with the new rules.