GDPR: The EU Data Protection Law
Learn about obligations under the GDPR, and how SOL Design Collective uses systems designed for GDPR compliance.
SOL Design Collective Limited places your security and privacy among its highest priorities. That’s why we’ve committed to investing in tools that facilitate compliance with the GDPR, and to educating you on your responsibilities as a creative business owner. As the GDPR’s scope is broad, and the potential penalties for noncompliance are large, we are keen to ensure we are fully transparent.
This page will outline some of the key GDPR principles and terms and present how we ensure compliance from our side, and how they may apply to you. We detail the steps we have taken to ensure that your data is secure within our systems. Please review this carefully.
Disclaimer: This guide is not and should not be considered legal advice. Please consult a legal professional for details on how the GDPR may impact your business, and what you need for compliance.
General Data Protection Regulation (“GDPR”)
The GDPR is a unified regulation that supersedes and universalizes previous privacy laws in Europe, offering citizens and residents of the European Union (EU) greater transparency and controls over how their personal data is used by others. The GDPR requires the compliance of businesses which transact in Europe, or which facilitate transaction in Europe.
How SOL Design Collective Uses Personal Data
SOL Design Collective is committed to full transparency in the handling and processing of our community clients’ personal data that we control.
We collect a variety of User Data from our community members – this will include: Name, Email, Phone, Address, Country, IP, and Username (if not a user, it’s automatically generated), and various other fields of data submitted by yourself on our request to facilitate connection, promotion, review, monitoring, learning or feedback.
Our systems track the following activities: transactions, helpdesk tickets, memberships, associated lists, and associated sequences.
Data is stored or deleted at our administrators’ (Controllers’) request within our system, Kartra.
If SOL Design Collective ceases to be an active Kartra customer, our accumulated data will be retired to a storage cluster of servers with no front-facing access. After an arbitrary period of time, the data is deleted.
Data Subject Rights
Under the GDPR, EU data subjects have certain rights regarding their data.
The Right to Data Portability and the Right to Access
Kartra offers tools to let us answer customer queries about what data we have collected through Kartra and what’s been done with it. If we have collected personal data outside of Kartra, Kartra has no knowledge or ability to answer queries regarding such data.
The Right to be Forgotten and The Right to Restriction of Processing
If, as a customer of SOL Design Collective, you want to see your personal data from within our database, no problem! We can share, remove, or edit your contact from any list or sequence, or even delete it entirely. However, transactional records will remain intact for bookkeeping purposes (though personal data will be redacted, e.g. ‘blacked out’ from view).
Unless otherwise required by law, in the event that Kartra receives any type of request from a data subject, we will engage the respective customer within seven days to respond to the data subject request.
FREQUENTLY ASKED QUESTIONS
Does the GDPR impact businesses outside of the EU?
In many cases, yes. Even businesses that are not based in the EU are considered to be subject to the GDPR if they are collecting personal data on EU residents. Enforcement of the GDPR outside of the EU will be by EU authorities and it remains to be seen how aggressive they will be. Consult your own legal counsel but it is widely accepted that companies that collect personal data from EU residents will be subject to the requirements of the GDPR.
Does the GDPR require data to be stored in the EU?
The GDPR does not require that data processing (including storage of data) be limited to the EU. Kartra’s Data Processing Addendum includes the EU Model Clauses, which are also a valid mechanism for the lawful transfer of data between the EU and US.
How does the GDPR impact personal data collected before May 25th? Will I need to get consent for all of my leads again?
The GDPR applies to all personal data, even if it was collected before May 25, 2018. As your business is preparing for the implementation of the GDPR, you should make sure you can properly audit the consent records for the EU-residing members of your email list, or that you can obtain and record evidence of consent going forward.
Yes! It contains information on our policies and efforts to comply with all applicable regulations and to guarantee the privacy of your data. It can be found here.
Do your systems carry a Data Processing Policy?
Yes! Our Data Processing Addendum to our EULA contains the details of our data processing and how we work with Controllers and Subprocessors to comply with the applicable regulations and to ensure the privacy of your data. You can obtain a copy of the KARTRA DPA by making a written request by email to our Data Protection Officer.
Who is SOL Design Collective’s Data Protection Officer (DPO)?
SOL Design Collective’s DPO is: Jan Burgess
Email address: jan@SOLDesignCOllective.com
Please email them in the first instance with any data enquiries you may have.
If you remain unhappy, you are able to contact the Kartra DPO by means of escalation.
In accordance with Article 38 of the GDPR, members of the public may contact the DPO with regard to issues related to processing of their personal data and to exercise their rights under the GDPR – for example, to object to the processing of their data in cases where the data controller (i.e., Kartra’s customer) does not provide an adequate response.
Is Kartra PCI Compliant?
Kartra adheres to, and is audited annually for compliance with, the Payment Card Industry Data Security Standard, which is a rigorous data protection framework oriented towards the protection of payment card data.
Our most recent PCI DSS audit documentation is available upon request. Please contact firstname.lastname@example.org if you require the documentation.