Manage data in yve in compliance to the EU General Data Protection Regulation (GDPR).
Checklist for the GDPR
As part of the GDPR, some changes have been made that make it necessary for you, as the person responsible, to take data protection measures. The GDPR now has a greater reach, more rights for those affected, stricter rules for data processing and much higher sentences than the provisions of the BDSG before. To make it easier for you to prepare for compliance with the GDPR regulations for your use of yve, we have put together a non-binding checklist and example for you.
The following contents should be included
a. Which data is collected for what purpose?
b. How is the data handled and what is the duration of storage?
c. That you use yve as a data processor
d. Own measures for data security
e. A statement on the rights of those affected
f. How affected people can contact you
Data processing contract
Since you use yve as your data processor, you are obliged under GDPR to conclude a data processing contract with us. For this we have sent you a questionnaire, which you can conclude in electronic format with us. Without data processing contract you are not allowed to process personal data with yve.
Lawfullness of processing
The GDPR is basically a prohibition regulation with reservation of permission, i. everything is forbidden, which is not expressly allowed. This applies in particular to the lawfulness of the processing.
The following conditions constitute lawful processing under GDPR:
a. Consent for the purposes of data processing has been granted
b. The processing serves the fulfillment of a contract or preliminary contract
c. There is a legal obligation / public interest in processing
d. There is a legitimate interest of the person responsible, which outweighs the protection interest of the person concerned. This is especially the case when
i. The affected is a customer or employee and
ii. Direct mailing for similar products (see § 7 Abs. 3 UWG) is conducted
You should therefore check whether you need any consent at all. If so, the consent has to be voluntary, not linked to any other conditions and it must also be recallable. I should therefore not be a mandatory field. You should therefore seperate between
- Data given by a participant to attend a specific event (i.g. data required for participating in the event)
- The right to invite the participant to other events afterwards or to contact him.
The documentation of the proof can be done in electronic format. In yve you can choose the option 'Show consent form' in the questionnaire. Then the consent form described under "Account -> Consent" is displayed. You can adjust the explanation by clicking on the text of the explanation in the questionnaire. Please enter your contact information for privacy.
There are a total of 5 fields that you can use, depending on how detailed you want to query. The fields can be inserted via the 'Merge Tag' button (only once each time), they appear in the detail report ('Event -> Report -> Detail Report'):
- DSGVO / GDPR: this field is intended for the GDPR consent
- Contact by Email: if you request special contact channels, use this field for email contact
- Contact by Phone: If you request special contact channels, use this field for phone contact
- Contact by Print: if you request special contact channels, use this field for postal contact
- Compliance: if you have an additional compliance questions, use this field
You can have an e-mail log sent to you if the participant submits the questionnaire or signes up. To do this, enter the destination email address under 'Event -> E-Mails -> Sender -> Participants Log E-Mail'. The email contains all data of the participant, his anonymized IP address and the answers of his questionnaire. This e-mail can be saved as proof of the participant activity.
If you use the community, you can set under 'Event -> Edit Registration -> Community Members -> Participants with Opt in'. A question in the questionnaire will be activated, if the participant agrees to be listed in the community as a member. If this option is active, only members who have given this consent will be shown.
For public registrations, you should also select the option 'Record data, then verify email' for security, otherwise you will not be sure if the owner of the specified email has given your consent. You can activate under 'Event -> Websites -> Public Registration -> Terms' that consent to the terms will be requested at the time of the registration.
Data protection processes
You need to set up processes that allow you to safeguard all rights of those affected.
These are as follows:
Obtain consent for data processing
In yve you can choose the option 'Show terms' in the questionnaire (see above).
Provide information about the data processing
Correct the data by those affected
The affected person can correct his profile himself (only with Navbar switched on) and you can change his data via 'Contacts'.
Delete the data
We do not have an automatic feature built-in because you have to decide whether to erase the data or if there are more important reasons than consent (see above) to keep the data. The person concerned can contact you directly. You can then delete his data via, Contacts -> <Name of contact> '.
Restrict the processing of the data
You can put an 'unsubscribe' link in your emails with the merge tag 'Contact unsubscribe' in yve. This link automatically blocks after clicking the email address of the person concerned so that you can no longer send active emails to him. Afterwards the participant will see the website 'unsubscribe newsletter', which you can change under 'Event -> Websites -> unsubscribe newsletter'. You can also set or cancel this block manually via, Contacts -> <Name of contact> -> Email -> Unsubscribed at '.
Transfer the data to a transport medium
You can find the contact under Contacts and create an Excel report with its data via 'Contacts -> Reports'.
Accept cancellation of consent to data processing
In yve you can choose the option 'Show consent form' in the questionnaire (see above). The affected person can withhold consent by deselecting the checkbox. The person concerned can also contact you directly and make the change under 'Event -> Participants -> Questionnaire'.
The processing of your personal data for the aforementioned purpose is based on your consent. You have the right at any time to revoke this consent or to object to the processing. You have the right at any time to obtain information about your personal data, the right to rectify or delete them, the right to limit their processing and the right to transfer data. To contact us regarding privacy, you are welcome to contact us using the contact information below:
<Contact for data protection>
I agree that my personal information will be used for this purpose."