Everything you need to know about FunnelBud and GDPR
Disclaimer: This does not constitude legal advice, it is simply our own and our lawyers' intepretation of what GDPR means for FunnelBud clients.
What do I need to do with my forms?
According to our interpretation (see In what circumstances can we collect data for marketing purposes?), a simple form notice is enough to fulfill GDPR requirements.
Our understanding is that you don't need explicit opt-in tickboxes (see the reasoning in the above link). But you can if you want to (see next section for screenshots on that).
Below are example form notice texts you can put under each of your forms (ask FuB for help to do that).
LONG VERSION (English): “By clicking on the link you agree to receive emails from us with tips, advice, event invitations and promotions that can help you get more value from your [SOLUTION] solutions. You can withdraw your consent at any time by clicking the unsubscribe link at the bottom of every email. Read more about our GDPR policy here.”
LONG VERSION (Swedish): “Genom att klicka på länken samtycker du till att ta emot mailutskick från oss; med tips, råd, inbjudningar till evenemang och erbjudanden som kan hjälpa dig få mer värde från era lösningar. Du kan när som helst ta tillbaka ditt samtycke genom att klicka på den länk som finns i ditt mailutskick. Läs mer om vår GDPR-policy här.”
SHORT VERSION (English): “By filling out the form, I agree to receive emails with tips, invitations, and promotions that can help me get more value from my [SOLUTION] solutions. Read more about our GDPR policy here.”
SHORT VERSION (Swedish): “Ja, genom att fylla i formuläret samtycker jag till att ta emot mailutskick med tips, inbjudningar och erbjudanden som kan hjälpa mig att få mer värde ur era lösningar. Läs vår GDPR-policy här.”
Are we allowed to work with you if you or your sub processors store data outside of the EU?
Yes. This is allowed if our agreement with you allows us to do this as long as any subprocessors we may use follow GDPR standards. This is the case if we have have EU’s so called “Standard Contractual Clauses” (SCCs) in our agreements with our subprocessors.
Are SCCs sufficient to be able to store data in the US?
Per the Schrems II judgement, while the Privacy Shield is no longer valid, SCCs still are and they are not affected by the decision.
By signing and adhering SCCs, the protection data subjects enjoy are on par with the requirements of the GDPR, and thus you can use these as a basis for transferring and storing data in the U.S.
Read our full analysis here: Are SCCs enough for you to transfer data to US with FunnelBud?
Is it enough that we sign an agreement with you or do we need to sign also with your sub processors?
Since you are buying the software from us, it is enough that you sign with us as long as our agreement covers under which circumstances we can sign agreements with our sub-processors.
When someone subscribes to something like a Breakfast seminar, is it automatically OK to send post seminar offers? Did they technically opt in to that?
What about leads already opted in, do we need consent? Do we need to send them an opt-in email?
Are US-based support personnel supporting FunnelBud allowed to access EU data?
Yes, if we and our sub processors follow GDPR rules for how data should be processed.
What text can we use to describe how cookies are used to track visitors on our site?
__ss_referrer Expires after 1h
__ss Expires after 24h
__ss_tk Expires after 25 years
Description: These cookie collects information on visitor behavior on multiple websites - This information is used on the website in order to optimize the relevance of advertisement to match you and your interests. They may be used to deliver targeted advertising or to limit the number of times that you see an advertisement. The cookie also allows the website to determine how the visitor accessed the website.
They will always be persistent but time-limited cookies. These cookies contain a unique key that is able to distinguish individual users’ browsing habits or store code that can be translated into a set of browsing habits or preferences using information stored elsewhere.