The General Data Protection Regulation (GDPR) is a comprehensive European privacy law that took effect on May 25, 2018. Brandle views this law as an important step forward in streamlining personally identifiable information (PII) data protection requirements across the European Union.
What is GDPR?
We are committed to our customers’ success and prospects' privacy, including compliance with the GDPR. In order to follow-through with the responsibilities of GDPR, Brandle requires the partnership and action of our customers and contacts in order to continue communication. To that end, we are publishing our plans for GDPR compliance and stating where we need your participation.
There are five areas where we may store information about you:
- Brandle Presence Manager User Database (Brandle as "Data Controller")
- Brandle Presence Manager Customer Contacts Database (Brandle as "Data Processor")
- Brandle Support Database (Brandle as "Data Controller")
- Marketing and Sales Database (Brandle as "Data Controller")
- Brandle Customer Product Updates Database (Brandle as "Data Controller")
We store this information in three key database systems:
- The Brandle Service where we store the Brandle Presence Manager Database and Customer Contact Database.
- The Brandle Customer Support System which currently is in Zendesk.
- The Brandle Marketing System which houses the Marketing and Sales Database and Customer Product Updates (which is currently in Hubspot).
The Brandle Service
The Brandle Presence Manager User Database
Brandle adds the initial Account Administrator after license execution and at the request of the company in order to initiate the Brandle Account and the relationship between Customer and Brandle. As stated previously, the Company Administrator then adds the other company team members to the account by inviting them into the account. The invited party then accepts the invitation. Should an individual wish to be deleted from the Brandle System, they will need to contact the Company Administrator and ask to be removed. At that time, the Administrator can perform that action within Brandle and inform their Brandle Account Manager that all information for that person must be removed from the Brandle System.
When a person is invited to join an Account Team in the Brandle Presence Manager, the system creates a User Account for him or her. Only a minimal amount of data (First Name, Last Name and Email) is collected for a User, which is used to identify team members and to send system email messages (e.g. patrol or monitoring reports, profile change alerts, etc). The system also records IP addresses when users log in for audit and security purposes.
This information is stored in the Brandle Presence Manager and Brandle, Inc. is considered the "Data Controller" for this information. If you wish to make an inquiry about any information Brandle may have on you as a controller, you should log into your Brandle User account and submit a request via the User Menu (top right of menu bar, under your name). You may also request that your account be deleted and your data purged using this menu. The User Menu also provides you with the ability to change your contact information and to control your communication preferences.
Note that you may also be in your (ex-)employer's Brandle Presence Manager Customer Contacts Database as well, which means you will have to submit a separate request to them to have your information removed from the data which they control. there is a request process in the Brandle account that allows the company Administrator to perform this task.
The Brandle Presence Manager Customer Contacts Database
An important feature of the Brandle Presence Manager is the ability for an enterprise to associate the people who manage or are otherwise associated with a specific point-of-presence (POP – i.e. a web property like a website or social media page) for the enterprise. To this end, Brandle allows an enterprise to add Contacts to the system and associate them with POPs. Only a minimal amount of data (First Name, Last Name and Email) is collected for a Contact and the email address is usually a work email address.
This information is stored in the Brandle Presence Manager and Brandle, Inc. is considered the "Data Processor" for this information. If you wish to make a request about this data, it should be made to the Brandle Customer who is the "Data Controller." Brandle will provide to its Customers the ability to satisfy GDPR queries via the Brandle Presence Manager.
Brandle Customer Support System
Brandle collects Personal Information in our Customer Support System (currently Zendesk) when a customer or customer contact communicates with us via a support ticket or submittal from a Brandle Account Reach Form. Only information that the individual submits regarding the request, their name and email are submitted into the system. Our return emails to give support are associated with the contact record. Should a customer wish to review their support tickets and information we have on them in the Customer Support system, please send an email to email@example.com.
Brandle Marketing System
Brandle manages a sales and marketing database of contacts and customers in order to communicate about Brandle and the Brandle Presence Manager. Each audience receives specific information.
The Marketing System houses contact information submitted via a website form, from events and meetings, and from the Brandle System (for customer communication).
Brandle Forms on our Website
Brandle offers downloadable information on our website and the ability to contact us directly. These actions require that an individual complete a form in order to download information or send us a request. Until now, this contact information was automatically submitted into the Brandle sales and marketing database.
As of May 7, 2018, every person who completes a form is now required to check an OPT-IN button with the clear understanding that their name will be submitted into the Brandle sales and Marketing database. We have opted to do this is for every contact, not just individuals from EU countries. Once an individual Opts-in, their contact information will be marked as giving his/her consent freely to be added to the database.
Once a contact has opted-in, then we will record in our database that this person has given permission to have Brandle contact them for sales and marketing purposes. Every person has the option to Unsubscribe or alter his/her email preferences on every email sent from the sales and marketing database (as has always been the case to comply with the Can-Spam Act).
Brandle Website Cookies
Brandle has cookies on our website that tells us when an individual that is in our database returns to our site to visit. this cookie also tracks the time that the contact visited.
There is also a cookie that gives us an IP address and a suggested company for website visitors who are not in our contact database. this allows us to see that a specific company or organization may be viewing our site, but not the individual. Should an individual complete a form and opt-in to Brandle communication, they will then be included in the marketing database.
Brandle Marketing Email Compliance for GDPR
Brandle has sent permission emails to our contacts in the EU to gain permission to continue housing their data.
Customers receive information about new features of the Brandle Presence Manager, tips and tricks for working with the Brandle Presence Manager, and general information regarding domain names, websites and social networks which may affect their use of Brandle or their web presence governance efforts in general.
On May 14, 2018 all customers with Brandle team members (users) in the EU received an email to OPT-IN to receive these Brandle communications. As a precaution, a follow-up email will be sent to anyone who has not responded at that time. On May 25th, any person who has not responded by will be removed from this Brandle database. Any person who has OPTED-IN will stay in the database and his/her record will be marked as having given consent. Individuals will continue to have the opportunity to unsubscribe or change their email preferences at any time.
The emails also clearly state the difference between this database and how their data is stored in the Brandle System. Each user is able to change his/her email preferences in the Brandle Presence Manager (under the user menu). Brandle will not be removing these contacts from the Brandle System as their Company Administrator of their Brandle account has invited into the system in order to perform their job. Should they wish for the information to be deleted from the Brandle System, they will need to contact the Company Administrator and ask to be removed. At that time, the Administrator can perform that action within Brandle and inform their Brandle Account Manager that all information for that person must be removed from the Brandle System.
Brandle Contacts and Leads (Not Customers)
General contacts and leads in the Brandle sales and marketing database receive information about social media governance and web presence management, general sales and marketing information about Brandle, and industry specific information and how Brandle can help them perform better digital risk management.
On May 14, 2018, these people received an email from Brandle to OPT-IN to Brandle communication. A follow-up email will be sent to capture anyone who has not responded. Any person who has not responded by May 25th will be removed from this Brandle database. Any person who has OPTED-IN will stay in the database and they will be marked as giving their consent freely. Individuals also have the opportunity to unsubscribe or change their email preferences.
We hope this clarifies how Brandle is addressing the GDPR! If you have any questions, please let us know at firstname.lastname@example.org. We want to ensure that you have all the information you need to understand how we are protecting your data, and the data of your employees.