GDPR

Article Contents:


About GDPR

The  General Data Protection Regulation goes into effect May 25, 2018 and applies to all companies that track or store the personal data of individuals living in the European Economic Area (EEA). In order to help your company achieve GDPR compliance, Rejoiner has added new API endpoints, GDPR account settings, and GDPR data subject request forms.

GDPR mandates that companies are required to obtain explicit consent to capture a data subject's personal information. Companies can obtain this consent by adding clear opt-in language to subscription forms and by using the double opt-in method. Rejoiner enables you to employ both approaches.

Record Explicit Customer Opt-In

If you wish to collect email subscribers directly on your site, we make the following recommendations:

  1. Add marketing permission text to your form.  This copy should provide clarity as to what the customer is consenting to, how their data will be used, and set their expectations for future communication.
  2. Enable subscribers to choose exactly what channels they want to be contacted from, for example: email, direct mail, remarking ads. 
  3. Point subscribers to your privacy policy.
  4. Note Rejoiner permission terms. You may need to let customers know that the data they submit will be transferred and processed by Rejoiner. 

Once a customer explicitly opts-in, you can pass that record of consent to Rejoiner via the  Record Contact Opt-In REST API endpoint, or via our customerOptIn JavaScript endpoint. 

This will then flag the data subject with a status of opted-in allowing us to segment them into your Rejoiner programs.

If you need help setting this up, please contact gdpr@rejoiner.com.

Double Opt-In Campaigns

In addition to recording a data subject's explicit opt-in, or as an alternative method, you are able to utilize your Rejoiner automated and broadcast campaigns to gather opt-in confirmation from your customers using double opt-in.

New Subscribers

To confirm consent for new subscribers, we recommend that you use a New Subscriber triggered campaign.

You will need to create a New Subscriber triggered campaign for every list where you would like to have new customers opt-in. We recommend sending a subscription confirmation email immediately after a subscriber has been added to your list(s). Let the subscriber know how and where your company will be using their data and provide a method for confirming their opt-in.

To do so, you can add a button or a text link that uses the {{opt_in}} template tag. Below you will see an example of it's implementation:

<a href="{{opt_in}}" target="_blank">Confirm Your Subscription</a>

Upon clicking any link with the above opt-in template tag, your subscribers will be redirected to a page that acknowledges their provided consent.

Rejoiner will also flag them as opted-in, thus allowing us to segment the subscriber into other Rejoiner programs.

If you need help setting this up, please contact gdpr@rejoiner.com.

You may also choose to give new subscribers a warm welcome by creating a welcome series after they have opted-in. To do so, you will need to use Rejoiner's Opt-In Follow Up triggered campaigns.

An  Opt-In Follow Up triggered campaign starts as soon as a subscriber has been flagged as opted-in. You will need an Opt-In Follow Up triggered campaign for every New Subscriber triggered campaign where you're obtaining subscription confirmation from your subscribers. This trigger allows you to select more than one New Subscriber or Broadcast campaign to follow up with.

Re-confirming Consent from Existing Subscribers

If you have previously obtained consent from your subscribers in a manner that complies with GDPR, there is no need to ask for their permission to be contacted again. However, you may always opt to re-gather consent from those who are on your list. To do so, yo could deliver a Broadcast campaign to all of your subscribers that asks them to re-confirm that they want to hear from you.

To do so, you can add a button or a text link that uses the  {{opt_in}} template tag. Below you will see an example of it's implementation:

<a href="{{opt_in}}" target="_blank">Confirm Your Subscription</a>

Upon clicking any link with the above opt-in template tag, your subscribers will be redirected to a page that acknowledges their subscription confirmation. 

Rejoiner will also flag them as  opted-in, thus allowing us to segment them into Rejoiner programs.

If you need help setting this up, please contact gdpr@rejoiner.com.

Customer Subscription Preferences 

Rejoiner has improved the way subscribers can access their preferences and the way they can make GDPR data subject requests.

To allow subscribers to access their preferences page you will need to add a link to it in your Rejoiner emails. We recommend placing this link in the footer. In order to populate the customer's preferences page link, use the {{subscription_preferences_url}} template tag like so:

<a href="{{subscription_preferences_url}}" target="_blank">Manage Subscription Preferences</a>

A subscriber will then be able to see a page similar to this:

Data Subject GDPR Requests

This page allows subscribers to opt-out and to place GDPR requests in accordance with the expanded rights that GDPR has provided regarding data subject's  personal data

By clicking "Place Data Request", a subscriber will be taken to a form that allows them to submit their GDPR data request. There they can execute all of their GDPR rights such as the right to access, right to be forgotten, right to rectification and right to restrict processing.

Once Rejoiner has received the data subject request, we will forward it to the email address stored for GDPR Data Request Notifications in your Rejoiner account's GDPR Settings. You or a representative at your company will then need to verify the identity of the requestor. Post verification, contact Rejoiner via the form in your GDPR Settings to complete their request.

Request Types

Right to Access: Rejoiner will gather all of the information about a subscriber and will provide that data in a standard downloadable format that can be shared with the data subject.

Right to be Forgotten: Rejoiner will delete all of the information stored about the subscriber once verification has been provided.

Right to Rectification: Rejoiner will update the requested information about the subscriber once verification has been provided.

Right to Restrict Processing: Rejoiner will blacklist the subscriber, will suppress future tracking of that subscriber, and will never email that subscriber again.

Upon form completion your subscribers will receive a notification that the form has been successfully submitted. 

GDPR Settings

All Rejoiner clients who intentionally to do business in EEA markets have GDPR Settings enabled by default. Your GDPR Settings have two components: GDPR Request Notifications and GDPR Data Requests.

GDPR Request Notifications

This section's function is to provide contact information for the person who will handle a  completed GDPR Data Request.

GDPR Data Request Notifications: Where we will contact you when a customer has submitted a request via Rejoiner.

GDPR Data Request Results: Where we will contact you when we have completed a request either placed by you or directly by a subscriber.

Direct GDPR Data Requests

In similar fashion to the  form a subscriber can complete via their Subscription Preferences page, you will find that your GDPR Settings have a form that allows you or your colleagues to place data requests directly. This form handles the same request types as that of the subscriber-facing form. We recommend placing one request per customer as that will allow our team to track and manage your requests easily. 

The main goal of this form is to allow you to contact Rejoiner when a customer has opted to exercise their GDPR rights via another platform or to complete a request placed via Rejoiner post customer verification.

Note that Rejoiner has plans to automate this process and allow you to place requests programatically. However, this may depend on the volume of these requests as we continue to learn more about how GDPR affects our clients after May 25, 2018.

Still need help? Contact Us Contact Us