The GDPR law grants the public increased rights and imposes rules on how data must be handled.
Good-Loop supports the GDPR. This policy document covers how Good-Loop handles the GDPR.
Good-Loop services are hosted within the EU, and comply with GDPR regulations.
Clients can contact Support with data and GDPR issues. We will provide support and help. This is also the process for subject-access requests.
You can contact our data protection officer (DPO) at: technical.help at good-loop.com
It is important that companies have consent from individuals to store and process their data, and to communicate with them.
Most campaigns will not need extra consents.
Where Good-Loop collects personal data from users, for example emails for a mailing-list, we do so on an opt-in basis.
Good-Loop stores all data on secure servers. Please see our Security Policy for more details.
If you suspect a data breach, you must notify Good-Loop support straight away.
The GDPR places legal obligations on handling data breaches, including time limits for responding. We aim to respond strictly faster than this in the event of any data breach.
If we suspect a data breach we will notify affected clients within 24 hours. We would then work with the affected client to identify the scope of the breach and take remedial action.
Good-Loop has not had a data breach in its history.
Individuals ("data subjects") can contact a Good-Loop client with various requests. The client should lead the response to a data subject request, with the Good-Loop support team available to help clients handle these.
It is unlikely that this applies.
Good-Loop supports filtering by individual including by mentions. This makes it straightforward to respond to a request for data.
Our data-subject data is sourced from external sites. The data subject can update their profile on Twitter or Facebook, and Good-Loop will automatically update with the correction.
Please contact the support team, who can erase the data from the system. As this is not reversible, the support team should first verify the range of data to be deleted.
Erased data will instantly vanish from front-end use. It will take one month for all data to be removed from the system.
Usually this right is satisfied by the social media networks from which Good-Loop draws data. However, it is also easy to extract data from Good-Loop in .csv form, in order to provide portable data should a data subject require it.
We do not recommend using Good-Loop for automated decision-making about a person that has legal or similar significant effects for that person. We are not aware of any clients who do so. If you should wish to do so, please check GDPR regulations.
Good-Loop acts as a Data Processor for its clients. We support the aims of the GDPR and we fully accept our responsibilities as a Data Processor. In order to comply with the requirements of Article 28 of the GDPR:
- As a Data Processor, we will only act on the instructions of the Data Controller (unless required by law to act without such instructions).
- All people processing the data within our organisation, whether they are staff or contractors, agree to confidentiality clauses.
- We take data security seriously, and take appropriate measures to ensure the security of processing (please see our security policy for more detail).
- We will only engage a sub-processor with the prior consent of the Data Controller and with a written contract.
- We will assist the Data Controller in providing subject access and allowing data subjects to exercise their rights under the GDPR.
- We will assist the Data Controller in meeting its GDPR obligations in relation to the security of processing (Article 32 GDPR), the notification of personal data breaches (Article 33 GDPR), and data protection impact assessments (Article 35 GDPR).
- We will delete or return all personal data to the Data Controller as requested at the end of the contract.
- We agree to reasonable audits and inspections, and to provide the Data Controller with whatever information it needs to ensure that we are both meeting Article 28 obligations.
- We will tell the controller immediately if asked to do something infringing the GDPR or other data protection law of the EU or a member state.
We do not send unsolicited email or similar electronic messages. All such communications are done on the basis of the user opting in. The user can unsubscribe at any time.
The International Advertising Bureau (IAB) operates a framework for properly managing consent, called the Transparency Consent Framework (TCF).
Good-Loop supports the TCF and is on the Global Vendor List (GVL) as vendor #749.
Please also see the following relevant policies: