Data Protection and GDPR Policy

The GDPR law grants the public increased rights and imposes rules on how data must be handled.

Good-Loop supports the GDPR. This policy document covers how Good-Loop handles the GDPR.

Hosting

Good-Loop services are hosted within the EU, and comply with GDPR regulations.

Process around Data Issues

Clients can contact Support with data and GDPR issues. We will provide support and help. This is also the process for subject-access requests.

You can contact our data protection officer (DPO) at:

Consent

It is important that companies have consent from individuals to store and process their data, and to communicate with them.

Most campaigns will not need extra consents.

Where Good-Loop collects personal data from users, for example emails for a mailing-list, we do so on an opt-in basis.

Data Security

Good-Loop stores all data on secure servers. Please see our Security Policy for more details.

If you suspect a data breach, you must notify Good-Loop support straight away.

The GDPR places legal obligations on handling data breaches, including time limits for responding. We aim to respond strictly faster than this in the event of any data breach.

If we suspect a data breach we will notify affected clients within 24 hours. We would then work with the affected client to identify the scope of the breach and take remedial action.

Good-Loop has not had a data breach in its history.

Rights of the Data Subject

Individuals ("data subjects") can contact a Good-Loop client with various requests. The client should lead the response to a data subject request, with the Good-Loop support team available to help clients handle these.

Right to be Informed

It is unlikely that this applies.

Right of Access

Good-Loop supports filtering by individual including by mentions. This makes it straightforward to respond to a request for data.

Right to Correct Data

Our data-subject data is sourced from external sites. The data subject can update their profile on Twitter or Facebook, and Good-Loop will automatically update with the correction.

Right to Erasure (right to be forgotten)

Please contact the support team, who can erase the data from the system. As this is not reversible, the support team should first verify the range of data to be deleted.

Erased data will instantly vanish from front-end use. It will take one month for all data to be removed from the system.

Right to Data Portability

Usually this right is satisfied by the social media networks from which Good-Loop draws data. However, it is also easy to extract data from Good-Loop in .csv form, in order to provide portable data should a data subject require it.

Automated Decision-Making

We do not recommend using Good-Loop for automated decision-making about a person that has legal or similar significant effects for that person. We are not aware of any clients who do so. If you should wish to do so, please check GDPR regulations.

GDPR Article 28 Compliance Checklist

Good-Loop acts as a Data Processor for its clients. We support the aims of the GDPR and we fully accept our responsibilities as a Data Processor. In order to comply with the requirements of Article 28 of the GDPR:

ePrivacy

Cookies

Cookies are important for the functioning of modern internet, but if misused they can threaten privacy rights. Our website and adverts use cookies. You can opt-out from cookies at any time: there is a simple button for this on the Privacy Policy page.

We aim to provide clear and comprehensive information about cookie use in our privacy policy and linked documents. If you have any questions, please do contact us.

Messages (email, SMS, push notifications)

We do not send unsolicited email or similar electronic messages. All such communications are done on the basis of the user opting in. The user can unsubscribe at any time.

Transparency Consent Framework (TCF)

The International Advertising Bureau (IAB) operates a framework for properly managing consent, called the Transparency Consent Framework (TCF).

Good-Loop supports the TCF and is on the Global Vendor List (GVL) as vendor #749.

See also

Please also see the following relevant policies: