GDPR

Qiota et GDPR

On the new regulation on the protection of private data
The GDPR is a privacy law of the European Union (EU) that will affect all businesses when it becomes applicable on May 25, 2018. It regulates how an organization processes or uses the personal data of EU citizens, including organizations outside the EU. Personal data is data that, alone or with other data, can identify a person.
The GDPR focuses on extending the rights to the protection of the personal data of European residents. Its objectives are:
A right of access and increased control over people's personal data
A strict definition of consent for the collection of these data
More transparency on the use of the data at the end of the collection

New rights for your contacts on Qiota
The GDPR creates new rights for access and data protection for data subjects:
Right of rectification: data subjects may request that their information be updated or corrected.
Right to be forgotten: data subjects can request that their information be permanently deleted.
Right to portability: Data subjects may request that their information be transmitted to another organization or a competitor.
Right of opposition: data subjects may request that their information not be subject to certain treatments or uses.
Right of access: the persons concerned have the right to know all the data that has been collected about them and the use that is made of them.

What and who
If you collect, modify, transmit, delete or use or store the personal data of EU citizens, you must comply with the GDPR.
The GDPR will replace an older directive on data privacy, Directive 95/46 / EC, and introduce some important changes that may affect Qiota users.

About consent
You must have a legal basis, such as consent, to process personal data.
The main provision to remember is a new definition of consent that must now be "freely given" and translated into "positive action" for each use that will be made of personal data.
This consent must be explicit and verifiable.
Explicit consent requires that each contact act to give consent.
The opt-in can not use a pre-checked registration box.
In addition, the acceptance message you use must indicate all the ways in which you could possibly use the personal data you collect.
The opt-out (the practice of automatically registering a user to a list by letting the user unsubscribe) and the passive opt-in (pre-checked boxes in the registration forms) will henceforth be forbidden.
The opt-in is the only way to obtain explicit consent and only the lists obtained in this way will be legally usable.

For you, this means that you will now need:
- Place additional opt-ins on your forms for each different use you make of the information you collect (newsletter, automated emails, ...),
- Ask your contacts for new permission each time you want to use the information you have about them in a new way.
It is important to note that this new definition of consent also applies to the personal data of European residents collected before 28 May 2018.
If you have already obtained consent for the use of this data, you do not need to request it again. On the other hand, if your current lists are not up to GDPR standards, you will need to obtain consent again via an explicit opt-in form.
For a Qiota contact, this may mean, for example, that he or she agrees to let you do all or part of the following:
• Transfer their details to the Qiota platform
• Store their details in your Qiota database
• Send them marketing e-mails or letters from your Qiota account
• Track interactions for email marketing and ad placement purposes
This explicit consent does not apply to billing data (billing, subscription, address, payment) or accounting data.

And Qiota in all this?
In addition to updating our general conditions of use, we have initiated Qiota's compliance process.
As a customer of our solution, you will have new rights in terms of protection and access to your personal data. We will also be available to answer all your queries and to help you treat those of your customers.
We are also in the process of assessing the functional impact of the GDPR on Qiota in order to carry out the necessary developments required by this regulation.
With Qiota's compliance, you will also be able to respond to requests from your users who wish to exercise their rights over the data for which you are responsible.
Right of rectification: You can change the information (excluding billing data) of your contacts at any time.
Right to be forgotten: if one of your contacts wishes to exercise their right to be forgotten, you can simply delete it from the list of your contacts (excluding items related to billing): this will also erase all the information on about. If one of your contacts sends us a valid request directly, we will notify you and delete their account information or, if applicable, all Qiota accounts that have information about that contact.
Qiota does not allow you to delete a customer when bills or regulations are attached to it.
We will shortly provide a detailed log of these deletions
Right to portability: you can already export the information of your contacts in .csv file.
Right to access: Make sure to explain the use you make of the personal data you collect in your privacy policy. If your customers ask to exercise their right of access, you can export their information about them in a pdf file (see right to portability).
Available today the printing of a contact card contains the main information stored in your contact database.

Get legal advice The information on this page is intended to prepare you for the RGPD as a Qiota user, but the scope of the new legislation could impact other aspects of your business.
We suggest that you consult a qualified consulting firm to determine the compliance measures to be adopted.

Data Protection Officer - DPO
The company TBS has appointed a Data Protection Officer, Mr. Odile Dussart, 95 avenue Victor Hugo, 83700, Saint Raphael
The declaration to the CNIL under the number 1922653v0

Posted on: 25/05/2018