PushPress is committed to data protection. Below is a guide to the European privacy and data protection changes. This is not legal advice. Please consult your own legal counsel to familiarize yourself with the requirements that govern your own specific situation.

What is the GDPR?

The EU General Data Protection Regulation (GDPR) is a new comprehensive data protection law designed to strengthen and unify data protection for individuals within the EU, essentially giving EU residents and citizens more control of their personal data. The GDPR takes effect on May 25, 2018.

Does the GDPR affect your business?

Any organization with a presence in an EU country or any company that processes personal data of EU residents and citizens will be impacted by this regulation.

GDPR and PushPress

Where is PushPress’ consumer data stored?

PushPress stores all data in servers and backup servers located in the United States.

Will consumers have “the right to be forgotten”?

Yes. The GDPR stipulates that a person has a right to the erasure of personal data. As the data controller, it is ultimately your responsibility to determine whether to honor a request to be forgotten. You will be responsible for approving or denying every erasure request submitted for your business.

Will consumers have “the right to access”?

Yes. The GDPR stipulates that a person has the right to a copy of their personal data. With PushPress, a customer has full access to their personal profile and can update, change or delete information at any time.

Will PushPress be introducing a clearly defined retention period for consumer data?

Consumer data will be retained as long as is deemed necessary unless Right to be Forgotten (right for individuals to have personal data erased) is requested by business or end user.

Does PushPress have a documented Incident Response Plan?

Yes, we have an internal, documented Incident Response Plan. Externally, we will be updating our Terms of Service to include a more detailed description of our notification obligations in the event of a data breach.

What are my responsibilities (as a customer of PushPress) as it relates to GDPR readiness?

As a customer (‘data controller’ under GDPR terminology), you are responsible for ensuring compliance with the key requirements of the GDPR. This includes notifying individuals of how you handle their personal information, obtaining their consent where appropriate, addressing their requests for access to their information, etc. PushPress will provide you with assistance in meeting those requirements where possible and necessary. However, please note that you remain ultimately responsible for compliance with these requirements.

Which of the PushPress auto emails are considered operational (meaning a client will receive them even if they have opted out of all communication preferences)?

Operational/Transactional Emails: Emails that are considered operational or transactional will be sent regardless of whether a client has opted out of communication preferences. These emails are sent in response to a customer’s interaction with a website or app and are defined in strictly functional terms. Examples include password resets, shipping notifications, receipts, legal notices, appointment reminders & confirmations, etc. Opt-In is not required for these types of emails.